Can we delete the wom-default-clientssl and serverssl profiles ?

In general, deleting F5-supplied configuration objects is not advised. There are not that many of them and, in some cases, dependencies exist, hence the general warning about leaving such objects untouched.

Is there something in particular about these two profiles that make you interested in deleting them? My guess is there are many other F5-supplied objects you are also not using.

Thanks ... is there any reason there are wom-default-serverssl and clientssl profiles defined in the bigip.conf as well as in the profile_base.conf ..... why would they have to be in both ?

profile_base.conf contains all default protocol profile and persistence profile settings. When we by mistake modify or delete the parent profiles, sometimes it may cause sync issues or configuration issues as there will be lot of dependies. It's recommended not to touch the parent profiles.

I know, my question is why would the wom-default-clientssl and wom-default-serverssl profiles be both in the profile_base.conf as well as in the bigip.conf ..... why not just in the profile_base.conf ?

Let me put it in this way,

• profile_base.conf

   

  • PRE-CONFIGURED PROFILES
  • This file defines a pre-configured profile with all attributes defined
  • and a default rule for each profile type.
  • The profiles and rules are named the same as their type.
  • For example, the profile of type "http" has the name "http".
  • Profiles and rules in this file may be modified but not deleted.
  • The file is loaded before bigip.conf.

• bigip.conf

   

  • Your actual ltm configuration file.
  • To get WAN optimization up and running, we use the default wom-default-clientssl profile

Is there any benefit to having the wom-default-clientssl and wom-default-serverssl in both the profile_base.conf as well as the bigip.conf ? If we do not use those profiles at all, why not remove from bigip.conf ?

Profiles in profile_base.conf are not used at run-time. They are only used to create the initial default BIG-IP configuration such as the first time you start up your BIG-IP system or on a "tmsh load sys config default." Only the ones in bigip.conf apply at run-time. Removing a default profile from bigip.conf may cause the issues jaikumar identified earlier and is not a recommended practice due to the dependencies jaikumar also identified. Instead of asking the question, "Why not remove them..." I would ask you why you do want to remove them? Are you having trouble with resource allocation or looking to make the running config smaller?