Upgrade to 10.2.4

Question

Do to the latest SSH vulnerability (SOL13600) I need to upgrade my software to 10.2.4 as it is not affected&nbsp;
It's been 6+ months since we had our LTM units installed and I don't recall the update procedures.  We have an active/standby with both serial and network failover&nbsp;
I read SOL11215 and I just want a sanity check to make sure I got this right.&nbsp;
1. Reactivate license on both devices
&nbsp;2. backup configs on both units
&nbsp;3. On the standby device login to system management upload the 10.2.4 image
&nbsp;4. Install 10.2.4 to boot location
&nbsp;5. Mark boot location with 10.2.4 as active and reboot
&nbsp;6. failover to upgraded unit
&nbsp;7. repeat steps 3 thru 5 on on other unit
&nbsp;8. fail back to other unit&nbsp;
&nbsp;Please let me know if I am missing anything or any gotchas.  This seems pretty straight forward, but then again I'm just a server guy that has the privledge of managing these units.&nbsp;

hooleylist · Answer

Hi Jeremy, 
&nbsp;  
&nbsp; That looks good to me.  If you need to back out you can always fail over to the un-upgraded unit or boot back to the original slot you were running on before the upgrade. 
&nbsp;  
&nbsp; Out of curiosity, which LTM version are you currently running?  If it's pre-10.2.0, make sure to check your monitor send strings as bigd behavior changed: 
&nbsp;  
&nbsp; sol10655: Change in Behavior: CR/LF characters appended to the HTTP monitor Send string  
&nbsp; http://support.f5.com/kb/en-us/solutions/public/10000/600/sol10655.html 
&nbsp;  
&nbsp; Aaron

jeremy_42669 · Answer

Sorry forgot to mention this.  We are currently on 10.2.3 HF1. 
&nbsp;  
&nbsp; Thanks for help.  There was a lot of information in SOL11215 and I just want to make sure I get it right.

el_jefe · Answer

Jeremy - You can also follow the outlined procedures in SOL13600 to re-configure the SSH access, this is non-disruptive. But, I would always encourage you to run the latest code.  
&nbsp;  
&nbsp; Hope this helps, 
&nbsp;  
&nbsp; Jeff

shiva_73294 · Answer

Hi Guys,&nbsp;
Can we ignore step 1) relicensing, if the Service Check Date is later than License Check Date ? i think yes&nbsp;
Have i understood http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7727.html correctly ?&nbsp;
Cheers, Shiva&nbsp;

Forum Discussion

Upgrade to 10.2.4

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Software Upgrade

Upgrade to 15.1.10

Getting Started with BIG-IP Next: Upgrading Instances

iHealth Upgrade Advisor: Making upgrades a little easier

BIG-IP Upgrades Part 2 - Upgrade Behavior

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS