Switching profile from cookie to cookie persistence

Per K14488: Working with profiles, F5 does not recommend modifying any of the default, F5-supplied profiles that come with a BIG-IP system. Instead, you can create a new, custom cookie persistence profile using the default, F5-supplied profile named cookie as the parent profile, and configure cookie encryption within the custom profile while preserving the F5-supplied default. To explain the process, let's name this new cookie persistence profile new_cookie. Here's a summary of the steps:

1. Create a new local traffic persistence profile named new_cookie.
2. Set Persistence Type to Cookie.
3. Set Parent Profile to cookie.
4. Check the little custom box at the far right of the Cookie Encryption Use Policy setting, then change the setting from disabled to required.
5. Check the little custom box at the far right of the Encryption Passphrase setting, and enter the string of your choice into the space provided.
6. Finish the configuration.
7. Change all your virtual servers configurations that use cookie as their Default Persistence Profile to use new_cookie instead.

I realize step 7 can be a heavy lift if you have hundreds of virtual servers. Obviously, there's the good-old fashioned approach which is to modify each virtual server's configuration manually. Or you could run a script from the command line to do it in a more automated way. You could also consider merging new configuration data from a custom SCF that simply has the virtual server updates.