Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Switching profile from cookie to cookie persistence

asabado
Altocumulus
Altocumulus

‎12-Feb-2021 23:01

We are planning to switch the persistence profiles of our existing virtual servers from cookie to cookie persistence. I understand this can be achieved by modifying the existing cookie profile to enable encryption however our requirement is to retain the default cookie persistence, and create a cookie encryption profile then apply to all virtual servers which were using cookie persistence. In order to preserve the default cookie profile, how do I clone the default cookie profile, then update the original cookie profile to add encryption and retain the cloned one as default?

 

Is this approach possible? are there any better ways of doing this?

 

Again, thank you in advance!

Labels:
0 Kudos
2 REPLIES 2

crodriguez
Legacy Employee
Legacy Employee

‎13-Feb-2021 16:11

Per K14488: Working with profiles, F5 does not recommend modifying any of the default, F5-supplied profiles that come with a BIG-IP system. Instead, you can create a new, custom cookie persistence profile using the default, F5-supplied profile named cookie as the parent profile, and configure cookie encryption within the custom profile while preserving the F5-supplied default. To explain the process, let's name this new cookie persistence profile new_cookie. Here's a summary of the steps:

 

  1. Create a new local traffic persistence profile named new_cookie.
  2. Set Persistence Type to Cookie.
  3. Set Parent Profile to cookie.
  4. Check the little custom box at the far right of the Cookie Encryption Use Policy setting, then change the setting from disabled to required.
  5. Check the little custom box at the far right of the Encryption Passphrase setting, and enter the string of your choice into the space provided.
  6. Finish the configuration.
  7. Change all your virtual servers configurations that use cookie as their Default Persistence Profile to use new_cookie instead.

 

I realize step 7 can be a heavy lift if you have hundreds of virtual servers. Obviously, there's the good-old fashioned approach which is to modify each virtual server's configuration manually. Or you could run a script from the command line to do it in a more automated way. You could also consider merging new configuration data from a custom SCF that simply has the virtual server updates.

0 Kudos

asabado
Altocumulus
Altocumulus

‎13-Feb-2021 19:09

Great, thanks a lot. I can do steps 1-6 but I would love to know from anyone on how to automate this since I need to do this on multiple bigips which has at least 100 vs in them. 😞

0 Kudos
Copyright © 2023 Khoros, LLC