@kgaigl , it is highly recommended to do that in a maintenance Window , specially if you have " voice " services or FTP applications on you Big-ip device. if your services are web application only , you will not feel by impact during your action. > I have do this before with 2 devices in HA , on of them was faulty and when getting the RMA new device , I installed it with the other node without any impact. - I Broke the HA and device Trust and Configure the HA and build the trust from Scratch again , and it worked fine. > only Follow these KBs : This you have shared it : https://support.f5.com/csp/article/K62249587 > Re-build Device Trust : https://support.f5.com/csp/article/K42161405
but it is better to do it in a maintenance Window.
Hi @kgaigl , yes , it is a best Practise to Break the device trust even if you do not use the management network in " Config sync or mirroring " Or even if you did not build the device trust between devices by " HA or other Vlans interfaces " Not by using Management ips. > Before I have implemented a HA between 2 F5 appliances , and I did not use Management interfaces to build the trust " Exchange certificates " , and instead of that I used the " HA" Vlan ips/interfaces , and it works well until now. > But the issue is : open ( Device management >>> select Devices >>> Properities TAB) you can see the Peer device name and its management ip address. So changing management ips without break the trust will make some issues , as the management ip address info is transferred at the first time when building trust. So the Result is : Management ip address is used to be an identification for appliance. So you need to break the trust and change your management network as you read in this KB "https://support.f5.com/csp/article/K62249587" , after changing mangement ips , try ti build trust again " use the new mgmt ips / or HA ips " it will work well.
> And After finishing your Trust , and HA settings , and make sure that your apliances become "insync" again. Navigate ( Device management >>> select Devices >>> Properities TAB) you should see under properities TAB The new mgmt ip address of the other Peer , and same thing if you logged in the other appliance.
@kgaigl , it is highly recommended to do that in a maintenance Window , specially if you have " voice " services or FTP applications on you Big-ip device. if your services are web application only , you will not feel by impact during your action. > I have do this before with 2 devices in HA , on of them was faulty and when getting the RMA new device , I installed it with the other node without any impact. - I Broke the HA and device Trust and Configure the HA and build the trust from Scratch again , and it worked fine. > only Follow these KBs : This you have shared it : https://support.f5.com/csp/article/K62249587 > Re-build Device Trust : https://support.f5.com/csp/article/K42161405
but it is better to do it in a maintenance Window.
