Forum Discussion
Nathan_Vitiritt
Nimbostratus
NimbostratusUpgrade from 11.2 to 11.4
I'm planning an upgrade of our LTM HA pair this weekend from 11.2.0 HF2 to 11.4.1 HF2. I have already ran the iHealth and performed a backup of the configuration on both devices along with doing my b...
EF_26348Nimbostratus
NimbostratusHello Nathan -
Your post was very helpful to me. I just upgraded my LTM 1600s fom v11.2.1 to v11.4.1 HF8. The process went smoothly and I didn't have to perform "7. Restart the standby device to get confsync working" as both units automatically came to "Changes pending" state after the reboot of the primary unit.
Maybe HF 8 works different, I don't know but it worked fine.
Thanks again for your post.
Jayanth
weblead_151334Folks-I am opting for migration from F5 Version: 10.2.4 to Viprion is installed -TMSH-VERSION: 11.5.1 ...we have a huge infrastructure (200 virtual servers http & https with one connect ,ssl profiles & 7 common I rules across all VIP ) ...currently viprion VERSION: 11.5.1 is installed & one of the site has been migrated successfully but remaining 200 virtual server's needs to be migrated within a time period of 1 month so...would like to know the best practices for migration ..Is there any ways to mimic the existing virtual servers along with associated I rules & corresponding pools over viprion in an automated ways either via tmsh command line so....During cutover the vip can be disabled over F5 & enabled over Viprion ....Please advise ...secondarily during recent pen test we have discovered few security vulnerabilities which needs to be migrated ... 1.TLS/SSL Renegotiation 2.SSL Weak Cipher Suites Supported 3.BIG-IP cookie remote information disclosure 4.Secure cookie attribute not set 5.SSL/TLS RC4 Cipher Suites Supported we are using cookie based persistent profile but due to SSL offloading over F5 the cookie is not encrypted. Development is looking to carry SSL traffic for backend servers weblogic from F5(later Viprion one month) Shall i migrate one instance over Viprion & start SSL testing there instead of F5 ? If so please advise over the process of enabling SSL over Viprion please advise how to encrypt LTM cookie. Can it be enabled just by selecting the option Encrypt Cookies over profile attached to VS My observation over client ssl profile tied to VS Renegotiation enabled Renegotiate Period-Indefinite Renegotiate Size -Indefinite Cipher used over client ssl profile-ALL:!ADH:!MD5:!EXP:!LOW:HIGH:MEDIUM LTM cookie is n't encrypted anyone can see via fiddler/wireshark etc. Would like to know how to set the cookie encrypted No SSLV2 No SSLV3 Is the ciphers are different over F5 & Viprion ?- boneyard
MVP
i would advise you to start a new question, because this really isn't related to the original question anymore. you could also consider making separate questions as you ask a lot of questions. finally first please search, because most of your pen test results are very common and have been discussed before here.
