Upgrade to 10.2.4

Question

Do to the latest SSH vulnerability (SOL13600) I need to upgrade my software to 10.2.4 as it is not affected&nbsp;
It's been 6+ months since we had our LTM units installed and I don't recall the update procedures.  We have an active/standby with both serial and network failover&nbsp;
I read SOL11215 and I just want a sanity check to make sure I got this right.&nbsp;
1. Reactivate license on both devices
&nbsp;2. backup configs on both units
&nbsp;3. On the standby device login to system management upload the 10.2.4 image
&nbsp;4. Install 10.2.4 to boot location
&nbsp;5. Mark boot location with 10.2.4 as active and reboot
&nbsp;6. failover to upgraded unit
&nbsp;7. repeat steps 3 thru 5 on on other unit
&nbsp;8. fail back to other unit&nbsp;
&nbsp;Please let me know if I am missing anything or any gotchas.  This seems pretty straight forward, but then again I'm just a server guy that has the privledge of managing these units.&nbsp;

hooleylist · Answer

Hi Jeremy, 
&nbsp;  
&nbsp; That looks good to me.  If you need to back out you can always fail over to the un-upgraded unit or boot back to the original slot you were running on before the upgrade. 
&nbsp;  
&nbsp; Out of curiosity, which LTM version are you currently running?  If it's pre-10.2.0, make sure to check your monitor send strings as bigd behavior changed: 
&nbsp;  
&nbsp; sol10655: Change in Behavior: CR/LF characters appended to the HTTP monitor Send string  
&nbsp; http://support.f5.com/kb/en-us/solutions/public/10000/600/sol10655.html 
&nbsp;  
&nbsp; Aaron

jeremy_42669 · Answer

Sorry forgot to mention this.  We are currently on 10.2.3 HF1. 
&nbsp;  
&nbsp; Thanks for help.  There was a lot of information in SOL11215 and I just want to make sure I get it right.

el_jefe · Answer

Jeremy - You can also follow the outlined procedures in SOL13600 to re-configure the SSH access, this is non-disruptive. But, I would always encourage you to run the latest code.  
&nbsp;  
&nbsp; Hope this helps, 
&nbsp;  
&nbsp; Jeff

shiva_73294 · Answer

Hi Guys,&nbsp;
Can we ignore step 1) relicensing, if the Service Check Date is later than License Check Date ? i think yes&nbsp;
Have i understood http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7727.html correctly ?&nbsp;
Cheers, Shiva&nbsp;

Forum Discussion

Upgrade to 10.2.4

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Software Upgrade

Upgrade to 15.1.10

Getting Started with BIG-IP Next: Upgrading Instances

Getting Started with BIG-IP Next: Upgrading Central Manager

F5 LTM HA pair upgrade Automation using Python