cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Switching profile from cookie to cookie persistence

asabado
Altocumulus
Altocumulus

We are planning to switch the persistence profiles of our existing virtual servers from cookie to cookie persistence. I understand this can be achieved by modifying the existing cookie profile to enable encryption however our requirement is to retain the default cookie persistence, and create a cookie encryption profile then apply to all virtual servers which were using cookie persistence. In order to preserve the default cookie profile, how do I clone the default cookie profile, then update the original cookie profile to add encryption and retain the cloned one as default?

 

Is this approach possible? are there any better ways of doing this?

 

Again, thank you in advance!

2 REPLIES 2

crodriguez
F5 Employee
F5 Employee

Per K14488: Working with profiles, F5 does not recommend modifying any of the default, F5-supplied profiles that come with a BIG-IP system. Instead, you can create a new, custom cookie persistence profile using the default, F5-supplied profile named cookie as the parent profile, and configure cookie encryption within the custom profile while preserving the F5-supplied default. To explain the process, let's name this new cookie persistence profile new_cookie. Here's a summary of the steps:

 

  1. Create a new local traffic persistence profile named new_cookie.
  2. Set Persistence Type to Cookie.
  3. Set Parent Profile to cookie.
  4. Check the little custom box at the far right of the Cookie Encryption Use Policy setting, then change the setting from disabled to required.
  5. Check the little custom box at the far right of the Encryption Passphrase setting, and enter the string of your choice into the space provided.
  6. Finish the configuration.
  7. Change all your virtual servers configurations that use cookie as their Default Persistence Profile to use new_cookie instead.

 

I realize step 7 can be a heavy lift if you have hundreds of virtual servers. Obviously, there's the good-old fashioned approach which is to modify each virtual server's configuration manually. Or you could run a script from the command line to do it in a more automated way. You could also consider merging new configuration data from a custom SCF that simply has the virtual server updates.

asabado
Altocumulus
Altocumulus

Great, thanks a lot. I can do steps 1-6 but I would love to know from anyone on how to automate this since I need to do this on multiple bigips which has at least 100 vs in them. 😞