For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jeremy_42669's avatar
Jeremy_42669
Icon for Nimbostratus rankNimbostratus
Jun 13, 2012

Upgrade to 10.2.4

Do to the latest SSH vulnerability (SOL13600) I need to upgrade my software to 10.2.4 as it is not affected

 

It's been 6+ months since we had our LTM units installed and I don't recall the update procedures. We have an active/standby with both serial and network failover

 

I read SOL11215 and I just want a sanity check to make sure I got this right.

 

1. Reactivate license on both devices

 

2. backup configs on both units

 

3. On the standby device login to system management upload the 10.2.4 image

 

4. Install 10.2.4 to boot location

 

5. Mark boot location with 10.2.4 as active and reboot

 

6. failover to upgraded unit

 

7. repeat steps 3 thru 5 on on other unit

 

8. fail back to other unit

 

 

Please let me know if I am missing anything or any gotchas. This seems pretty straight forward, but then again I'm just a server guy that has the privledge of managing these units.

 

basic
getting started
new to f5

4 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 13, 2012
    Hi Jeremy,

     

     

    That looks good to me. If you need to back out you can always fail over to the un-upgraded unit or boot back to the original slot you were running on before the upgrade.

     

     

    Out of curiosity, which LTM version are you currently running? If it's pre-10.2.0, make sure to check your monitor send strings as bigd behavior changed:

     

     

    sol10655: Change in Behavior: CR/LF characters appended to the HTTP monitor Send string

     

    http://support.f5.com/kb/en-us/solutions/public/10000/600/sol10655.html

     

     

    Aaron
  • Jeremy_42669's avatar
    Jeremy_42669
    Icon for Nimbostratus rankNimbostratus
    Jun 13, 2012
    Sorry forgot to mention this. We are currently on 10.2.3 HF1.

     

     

    Thanks for help. There was a lot of information in SOL11215 and I just want to make sure I get it right.
  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 27, 2012
    Jeremy - You can also follow the outlined procedures in SOL13600 to re-configure the SSH access, this is non-disruptive. But, I would always encourage you to run the latest code.

     

     

    Hope this helps,

     

     

    Jeff
  • Shiva_73294's avatar
    Shiva_73294
    Icon for Nimbostratus rankNimbostratus
    Nov 05, 2013

    Hi Guys,

     

    Can we ignore step 1) relicensing, if the Service Check Date is later than License Check Date ? i think yes

     

    Have i understood http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7727.html correctly ?

     

    Cheers, Shiva