andrewbytes
Jun 27, 2019

Adding (unmatched) Device to Existing HA group

Here's my story, sad but true:

I'm adding a NEW BIG-IP to the device group to upgrade all of it. I am ALSO adding a VE so I have "options" if I need more memory/disk for business continuity, and to streamline getting to the cloud.

Per this article:

https://support.f5.com/csp/article/K15496

 

I have:

Configured NTP/Networking info

Forced the two NEW systems offline.

Added Self IP to SYNC (HA) VLAN (but not floating IPs - I'm gun-shy!)

Configured VLANs the same as the other systems with unique Self IPs on the appropriate portions of my network.

 

Now I am up to adding "Device Trusted Member" and it's asking me to verify the certificate. HOWEVER, it is DIFFERENT from the first two systems. Should I be copying the certificate to the two new systems (i2850 and VE system) before I continue, to make sure they ALL operate on the SAME certificate?

 

Should they be the same, or "gun-it-and-go"?

 

2 Replies

  • Hi andrewbytes,

     

    Are you talking about the Device Management ›› Device Trust page in the GUI when you add a peer? I believe step 2 of that process is "Verify Device Certificate". If that is correct then that page is basically just asking you to verify that it is the correct device that you want to add. There should be no need to copy any certificates if that is what you are referring to.

  • No, I realized that the two trusted certificates started and ended the same, but the middle bits were very different. I gunned it and went; the systems are NOW in sync. Once I added them to the failover group (staying "offline" at that point) the configurations copied over, and all was fine. I had to install my Geolocation files manually (boo for not mentioning it in the documentation), and right now I'm not seeing Geolocation other than the USA - but my firewall may not be passing the rejected IPs to me, since I'm on a new MAC address.