AskF5 Watch on YouTube

Updating BIG-IP HA systems with a point release

3 min read 3 months ago
Published on Nov 12, 2025 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial provides a step-by-step guide for updating your BIG-IP high availability (HA) system to the latest point release, specifically focusing on version 15.1.0.4, which addresses the CVE-2020-5902 vulnerability. Following these instructions will help ensure a smooth and secure upgrade process for your BIG-IP systems.

Step 1: Install the Point Release on the First Device

  1. Validate the Configuration

    • Before starting the upgrade, ensure that your current configuration is stable and functional.

  2. Verify the Service Check Date

    • Check the service check date to confirm that your system is eligible for an update.

  3. Synchronize the Configuration

    • Execute a configuration synchronization to ensure all devices in the HA pair are up-to-date.

  4. Create and Save a UCS Archive

    • Create a UCS (User Configuration Set) archive to back up your current configuration.
    • Use the following command to create the archive:
      save sys ucs <filename>.ucs

  5. Import the ISO File

    • Download the ISO file for the new version from the F5 downloads page.
    • Import the ISO file into your BIG-IP system.

  6. Import the MD5 Checksum File

    • Download the MD5 checksum file corresponding to the ISO.
    • Import it to verify the integrity of the ISO file.

  7. Verify the MD5 Checksum

    • Run a checksum verification to confirm the ISO file is not corrupted. Use the command:
      md5 <filename>.iso

  8. Disable Automatic Incremental Sync

    • Temporarily disable the "Automatic with Incremental Sync" option to prevent automatic synchronization during the upgrade.

  9. Install and Reboot to the New Version

    • Install the new point release and allow the system to reboot. Monitor the installation process for any issues.

  10. Verify the New Version

    • After rebooting, log in and verify that the new point release version is active.

  11. Force a Failover

    • Initiate a failover to ensure the secondary device is functioning correctly with the new version.

Step 2: Install the Point Release on the Next Device

  1. Repeat the Steps from Step 1

    • Follow the same steps outlined in Step 1 to upgrade the second device in your HA setup.

  2. Verify the New Version

    • After the upgrade, confirm that the new point release version is active on the second device.

  3. Force a Failover Again

    • Conduct another failover to ensure system stability across both devices.

Step 3: Perform the Final ConfigSync

  1. Execute a Final Configuration Sync
    • Run a final configuration synchronization to ensure all changes are propagated across the HA system.

Step 4: Optional Restore Automatic Incremental Sync

  1. Re-enable Automatic Incremental Sync
    • If desired, restore the "Automatic with Incremental Sync" option to resume automatic synchronization for future changes.

Conclusion

Updating your BIG-IP HA system is crucial for maintaining security and performance. By following these steps, you can ensure a successful upgrade process. Remember to back up configurations and verify each step to avoid issues. For further assistance on BIG-IP upgrades, refer to the F5 support articles linked in the video description.

Table of Contents

Recent