Forum Discussion
Per K14488: Working with profiles, F5 does not recommend modifying any of the default, F5-supplied profiles that come with a BIG-IP system. Instead, you can create a new, custom cookie persistence profile using the default, F5-supplied profile named cookie as the parent profile, and configure cookie encryption within the custom profile while preserving the F5-supplied default. To explain the process, let's name this new cookie persistence profile new_cookie. Here's a summary of the steps:
- Create a new local traffic persistence profile named new_cookie.
- Set Persistence Type to Cookie.
- Set Parent Profile to cookie.
- Check the little custom box at the far right of the Cookie Encryption Use Policy setting, then change the setting from disabled to required.
- Check the little custom box at the far right of the Encryption Passphrase setting, and enter the string of your choice into the space provided.
- Finish the configuration.
- Change all your virtual servers configurations that use cookie as their Default Persistence Profile to use new_cookie instead.
I realize step 7 can be a heavy lift if you have hundreds of virtual servers. Obviously, there's the good-old fashioned approach which is to modify each virtual server's configuration manually. Or you could run a script from the command line to do it in a more automated way. You could also consider merging new configuration data from a custom SCF that simply has the virtual server updates.