We are planning to switch the persistence profiles of our existing virtual servers from cookie to cookie persistence. I understand this can be achieved by modifying the existing cookie profile to enable encryption however our requirement is to retain the default cookie persistence, and create a cookie encryption profile then apply to all virtual servers which were using cookie persistence. In order to preserve the default cookie profile, how do I clone the default cookie profile, then update the original cookie profile to add encryption and retain the cloned one as default?
Is this approach possible? are there any better ways of doing this?
Again, thank you in advance!
Per K14488: Working with profiles, F5 does not recommend modifying any of the default, F5-supplied profiles that come with a BIG-IP system. Instead, you can create a new, custom cookie persistence profile using the default, F5-supplied profile named cookie as the parent profile, and configure cookie encryption within the custom profile while preserving the F5-supplied default. To explain the process, let's name this new cookie persistence profile new_cookie. Here's a summary of the steps:
I realize step 7 can be a heavy lift if you have hundreds of virtual servers. Obviously, there's the good-old fashioned approach which is to modify each virtual server's configuration manually. Or you could run a script from the command line to do it in a more automated way. You could also consider merging new configuration data from a custom SCF that simply has the virtual server updates.
Great, thanks a lot. I can do steps 1-6 but I would love to know from anyone on how to automate this since I need to do this on multiple bigips which has at least 100 vs in them. 😞