F5 Image Upgrade

Pre-Activity:

• Backup the Configuration (UCS File-System - Archives) and Qkview.It is a good idea to keep a copy somewhere other than the F5 especially during an update).
• Make Sure that the traffic is not passing through the device which is going to get upgraded.
• verify that the support contract is active for a given F5 device serial number via this link.
• Shut the production interface (Shut it in the remote device).
• Shut the HA Port (Shut it in the Active Device).
• Disable Auto Sync Option.
• Reboot the F5 and check for no errors during startup.

Upgrade Procedure:

• License reactivation - System > License. Click Re-activate
• Make sure to verify whether the Default Server Profile is enabled. Because  In BIG-IP 11.x, the default value for the Server SSL profile is Require Strict.Means,  if you’ve got a server that doesn’t support secure SSL renegotiation, your app is broken. The solution is to update the SSL server profile to go back to “request”(But its Risk).
• Download the recent ISO version for F5 BIGIP LTM
• Upload the ISO to the standby unit
• Install the ISO to a free partition on the standby unit
• Change boot location to the new partition (System - Software Management - Boot Location) and device automatically reboots.
• After 6 to 7 mins, Device will boot with new version.
• Log in and check that the box is running with the expected version-System - Configuration - Version.

Post Activity:

• Validate the Configuration.
• Shut the production interface of the Active LTM (LB1).
• Enable production Interface of the Standby LTM (LB2).
• In case if the HA is through MGMT Interface, Make the LB1 to Force Standby.
• Verify that the LB2 is in active state.
• Check the Status of the Traffic and Monitor it for a day.
• If all good, Proceed with the upgrade on LB1 which is in standby now. Otherwise Rollback to LB1 and fix the issue in LB2.