hi, someone advised to better config big-ip via cli rather than gui, and for HA cluster, should config on standby unit rather than active unit. Are these advices correct? if yes, why need to do so? can anyone please advise, thanks in advance!

Herman2024 It is recommended to use the GUI whenever possible. For me, when I make a lot of changes at once I use the CLI because it's faster but if it's just a few changes I will perform them in the GUI. If you have your HA cluster setup to auto-sync the configuration between devices it doesn't matter if you make the changes on the active or standby unit. If you made the changes on the standby unit you theoretically have a slight delay for the changes to sync to the primary unit. Food for thought. A lot of the F5 certificate questions are GUI based so it would be better in the long run to make the changes in the GUI.

Should config via cli rather than gui?

Aswin_mk
Cumulonimbus
Nov 21, 2024
Hi Herman2024
You can use the CLI to configure management IP addresses. To log in to the CLI, you need to connect to the system using a management console or console server, and then log in using an account with admin access.
You can use the Configuration utility to update or upgrade BIG-IP HA systems.
For HA clusters, you should make configuration changes on the active peer and wait for the changes to sync to the other peer before making any additional configuration changes

FOr me i am using GUI for all administrative works in LTM,GTM,AFM,ASM and APM. CLI using for troubleshooting purposes (logs, captures, connections status). Also management interface(ssh,httpd) related changes aswell performing via CLI

BR
Aswin
M_najafikhah
Altostratus
Nov 21, 2024
I agree with Aswin on management, configuration, and troubleshooting.
Regarding HA, I would say you must configure changes on the active chassis to see the impact of the change. If you make a change on the standby chassis, you cannot confirm whether it works fine or not.
Also, we have two options for configuration sync: Automatic and Manual. If you use the Manual option, it provides a safer way to roll back the configuration. Make the change on the active chassis first; if everything works well, you can sync the configuration. Otherwise, you can sync the configuration from the standby chassis to the active one.
zamroni777
Nacreous
Nov 22, 2024
f5 trainer said use gui whenever possible as most used features are most supported.
moreover, you can easily see more relevant config parameters in gui.
Mayur_Sutare
MVP
Nov 25, 2024
On the question of cli or gui interface, I would say it depends on every admin. Someone might be more used to wit GUI and someone might also prefer CLI. Personally I started with GUI and then shifted to CLI as a part of my own curiosity initially, then I started preferring only CLI for the requirement of my job responsibilities. In depth Understanding of CLI will be required for automation, scripting jobs on the F5.

If you are already familiar with GUI, I would recommend you to start exploring CLI. That will definitely help you.

Regarding your 2nd question, I agree with other folks answers. You need to make changes on ACTIVE unit only so it will get applied / take an effect as per changes done.

Hope it helps!

M
Paulius
MVP
Nov 25, 2024
Herman2024

It is recommended to use the GUI whenever possible. For me, when I make a lot of changes at once I use the CLI because it's faster but if it's just a few changes I will perform them in the GUI.

If you have your HA cluster setup to auto-sync the configuration between devices it doesn't matter if you make the changes on the active or standby unit. If you made the changes on the standby unit you theoretically have a slight delay for the changes to sync to the primary unit.

Food for thought. A lot of the F5 certificate questions are GUI based so it would be better in the long run to make the changes in the GUI.
Kerry
Cirrus
Nov 27, 2024
i use both. GUI the most. CLI useful when you have lots of the same stuff to configure at once or the same stuff over several different non HA F5's. and you can pre-create the lines in a text editor.

i also have admin partitions so both HA F5's are active as the TG groups are set to fail back to a preferred F5. set the MAC address on the TG groups