F5 Hotfix Install and Configuration

Today I’m going to be covering how to do an F5 Hotfix installation or upgrade. Before going into the step by step guide here is some information about how F5 structures their code releases. Up to version 11.5.1 F5’s code schema was major_release(11).minor_release(5).maintenance_release(1). Since 11.5.2 and going forward the maintenance_release is replaced by Hotfix roll ups, plus additional bug and security fixes. Let’s work our way from the back up. Maintenance releases address code problems and bugs but don’t introduce new features (or shouldn’t, but as with everything in life… always do your due diligence and read the fine print/release notes). Minor releases include some small product and feature enhancements, stability improvements and may include new hardware support. Major releases will include significant changes in the behavior, architecture and features of the F5 code. You can review the F5 software support schedule here.

Generally speaking you want to select the code version with the most relevant features for your environment but also stay up to date on the technology to address stability and security concerns. When having to chose between x.0.0 and x.1.0 you want to chose the latter because it’s a long term stability release. Long term stability release means that the code addresses an oftentimes lenghty list of bug and defect fixes from the original x.0.0 release.

Now onto the interesting part. Prepare your Hotfix (short HF) upgrade by downloading the base and Hotfix image from downloads.f5.com. You need to have an F5 account to download images, but registration is free and doesn’t require you to have a corporate e-mail address.

I like to have a console or AOM (always on management) connection to the device that I’m upgrading. If you want to learn how to set up the AOM read this blog post.

Start by relicensing your device. Go to System > License > Re-activate. If you’re not sure on how to proceed you can follow my License reactivation guide here.

Now that the license is reactivated you create your backups and archive. I like to copy the bigip.conf and create a UCS archive. Store both in a safe location off of the device. This will help you in case anything disastrous happens during your upgrade. Also, it will make it easier and faster for you to restore your configuration. Go to System > Archives and click create. Enter the file name and click finished. If you don’t want to do this on the GUI you can run the following command on the CLI to create your UCS:
tmsh save /sys ucs /var/tmp/$something.ucs


Once the archive is generated click it and the following screen will open from which you can download the archive:


The next step is to import the image to the device. You can either upload the Hotfix image through the GUI (System > Software Management > Hotfix List: Import) or scp it to /shared/images/ and it will automatically show up in your list of available images. In order to install a Hotfix image you need to have the base image available on the device.


Next, go to System > Software Management: Hotfix List. Select the checkbox for the Hotfix image and click install.


Select the boot location (Volume set name field) to which you want to install the image. You can overwrite an existing volume’s image or create a new one by simply typing the number of the boot location and a new volume will be created automatically. There is no need to install the base image first and to then install the Hotfix to the same boot location – the F5 will take care of this automatically and install the base image before applying the Hotfix.


Give it about 10 minutes for the install to complete. The F5 will show a progress bar.


Once finished navigate to System > Software Management: Boot Locations. Click the boot location to which you’ve installed the Hotfix. If you want to transfer the current configuration to the new boot location make sure to change the Install Configuration drop down to yes and select the Boot Location from which you want to copy the config. Now click activate and open a console connection to your F5.



Your F5 is now rebooting into the new volume. I like to watch the boot messages for anything that looks like it’s out of the norm. Your device should come back up after 10-20 minutes.



Leave a Reply

Your email address will not be published. Required fields are marked *