Upgrading 4200 from BIG IP 11.5.4 to 12.x

Question

I currently have a 4200 with following modules LTM, APM and ASM running on 11.5.4 code. We would like to go the 12.x code. What is the best practice do this code upgrade? Our DMZ F5's are configured with the virtual's pool member as the virtuals on the inside F5. This was configured as a security measure is my understanding. I was thinking of upgrading one F5 at a time in the HA pair a night and give it a 24 hr period to see if the applications behave. I think one would need to upgrade an the DMZ F5 and the Internal F5 one device each per HA the same night. In case there is an issue with the apps we can failover to the redundant box running on code 11.

youssef1 · Answer

Hi.&nbsp;
Before you even talk about the best way to do it, it's important to follow best practices for upgrades (backup, check release notes, reactivate license, ...):&nbsp;
https://devcentral.f5.com/codeshare/7-steps-checklist-before-upgrading-your-big-ip-1053&nbsp;
So you can follow this following Procédure:&nbsp;
Check if you have a scrit running on your F5 (for backup, crl update or something like that), because you will have to set it after upgrade.before upgrading check Network map in order to see the status of VS, pool pool members, ... for comparing this result after upgrading (more pool memebers offline for example).Upgrade F5 DMZ standby (follow 7-steps-checklist-before-upgrading by JTI)
When the upgrade will be finished and your equipemnet reboot:Check that your asm is enable (it take time).check that you can see event logs in asm.Check if your policy is in the same mode (blocking, transparent, ...).check that your application work fine (especially those who embeded a policy asm)Check your VPN too if you have have a service like thatCheck endpoint inspection (av, fw, ...)...Switch from Active (11.5) to standby (12.x)
Once you have tested your DMZ F5 your can do the same F5 INT.&nbsp;
You can upgrade your Internal F5 during your test on your DMZ f5 in order to gain time an swith once you do all your test.&nbsp;
Hope it's help you.&nbsp;
Regards&nbsp;

Forum Discussion

Upgrading 4200 from BIG IP 11.5.4 to 12.x

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

Upgrade F5 BIGIP

Upgrade to 15.1.10

BIG-IP Upgrades Part 2 - Upgrade Behavior

Software Upgrade

iHealth Upgrade Advisor: Making upgrades a little easier

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS