FirePass NSE RMA4 Replacement Script. FirePass. Network Support Engineer RMA4 Replacement Script, Version 1.01

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 1 of 13

FirePass

FirePass NSE RMA4 Replacement Script

Table of Contents:

Background

Field Technician Arrival at Site

Field Technician Equipment

Preparation - Download the Base Software

RMA4 Step 1- Unrack the Old Unit, Rack Replacement Unit

RMA4 Step 2 - Determine if a Software Update is Required

RMA4 Step 2 - Upgrade the Base Software Version (If Required)

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 3 of 13

Background

Throughout this document, the Field Technician is referred to as “he.” This should be construed as the gender neutral use of the word and read as “he or she” and “his or hers” when used as a possessive pronoun.

This document is written for F5 Network Support Engineers (NSEs) to use as a guide for taking a Field Technician Service Provider through the RMA4 process.

The F5 RMA4 model is an accelerated Standard RMA. The Field Tech and the NSE assigned to guide the Field Tech are to get the replacement unit to the state where the customer can introduce the replacement into the customer’s network.

Because the F5 RMA4 is an accelerated Standard RMA, the F5 RMA4 process is limited to the following three steps:

1. Remove and replace the defective appliance or FRU

2. Restore the system software to the closest manufacturing validated release 3. Activate the license on the replacement appliance

The F5 RMA4 process does not include any of the following steps:

Specific requests made by the end-customer’s on-site representative(s) Installing hotfixes or software patches

Software upgrades

Creating or restoring the UCS Moving data from FIPS

Downloading and running End-User Diagnostics Memory upgrades

Connecting network cables and failover cables

If the end-customer asks the Field Tech to perform any of these steps, you are to instruct the Field Tech that these are beyond the scope of his duties and not to fulfill the end-customer request.

Field Technician Arrival at Site

The Field Tech will be instructed by the RMA Coordinator assigned to the case to call in to F5 Support as soon as the Field Tech arrives on site. When you are connected to the Field Tech for the first time, verify that the Field Tech understands the three steps that will be performed.

Field Technician Equipment

During the initial training on F5 products, all technicians are provided with tools (screwdrivers, wrenches, etc.). In addition to the tools, you may expect Field Techs to have Putty, TeraTerm, and WinSCP or equivalent software, and a web browser.

These requirements are detailed in the RMA Field Technician Preparation Guide.

FirePass NSE RMA4 Replacement Script

Before starting the three-step RMA4 process, ensure that the Field Tech has the required system software. It is preferred by F5 that Field Techs have the required software already loaded on their laptop computers before arriving at the customer site. This is generally not feasible however, and you will generally need to guide the Field Tech through the required steps to download the base software for the case. Ask the Field Tech if he has the required software loaded on his laptop computer. If not, guide the Field Tech through the process of downloading the required software. If this is the case, the Field Tech should start to download the software to his laptop before starting the RMA4 process. This is to minimize the time to complete the RMA4 by utilizing parallel processing.

Inform the Field Tech which base software version was installed on the unit that failed, and that this is the software that will be downloaded to his laptop computer. Direct the Field Tech to download the desired software release installer files and their associated *.md5 files by taking the Field Tech through the steps below.

To download the FirePass software, guide the Field Tech through the following steps:

a. Have the Field Tech navigate to the page on https://downloads.f5.com that allows him to select a product line, as shown in Figure 1.

b. Instruct the Field Tech to select the product version that corresponds to the FirePass software version from the drop-down menu.

c. Instruct the Field Tech to select the Release link.

d. Instruct the Field Tech to download the appropriate files by clicking on the corresponding link and downloading it to his laptop. Download the base software installer file, which will have a suffix of .tar.gz.enc in the filename. As an example, the file FP-6.10-20091009.tar.gz.enc is the name of a software installer file for the base 6.10 version, as shown in Figure 1. It is recommended to

download all F5 software to C:\F5 Downloads.

e. The Field Tech should use the recommended FTP transfer method. It is recommended to download all F5 software to a folder called C:\F5 Downloads on the Field Tech’s hard drive. f. Instruct the Field Tech to click the back button on his browser to navigate back to the page that

presents the downloadable base software installer files.

g. Instruct the Field Tech to download the *.md5 file that corresponds to the install file (*.im or *.iso) downloaded in step e. Again, it is recommended that the Field Tech download this file to the C:\F5 Downloads folder on his laptop computer hard drive.

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 5 of 13

FirePass NSE RMA4 Replacement Script

RMA4 Step 1- Unrack the Old Unit, Rack Replacement Unit

The Field Tech should understand how to power down and remove the old appliance. When the Field Tech calls in, verify with the Field Tech that he is to do the following:

1. Power down the failed unit and disconnect the power cord(s). 2. Disconnect all other cables connected to the failed unit.

3. Unrack the failed, old unit, if necessary, and rack mount replacement unit.

4. Record the RMA Case Number on the Return label for the failed BIG-IP that will be returned to F5. 5. Re-connect power to the replacement unit via the provided cable(s).

6. Do not re-connect cables to the management port and serial port. These will be re-connected at the very end of the RMA4 process.

7. Do not connect any network cables or failover cables.

8. Turn on the unit via the main switch (located as shown in Table 1).

9. If working on a 4100 or 4300 platform, instruct the Field Tech to boot the system by depressing the green checkmark button until the lights on the LCD panel come on.

10. Instruct the Field Tech to verify that the controller is ready and has completed the boot process before proceeding to the next step. Have the Field Tech verify that ready signal:

The FirePass 1000 emits three successive tones, which increase in pitch to indicate that the system has been loaded, and displays FirePass 1000 on its LCD panel

The FirePass 1200 emits three successive tones, which increase in pitch, to indicate that the system has been loaded, and blinks the blue LED for two-second intervals

The FirePass 4100 and 4300 display a cycle of three information panels in the LCD panel These are, in order:

 The currently configured IP address of the Management interface and the fully qualified domain name

 The date and time  The software version

Table 1. FirePass Platform Information

Platform

Management Port

Power Switch Location

1000

WAN

Rear Panel

1200

1

Rear Panel

4000

eth0 (WAN on PCI Ethernet

Card)

Front Panel

4100

Management

Behind Left Bay Door

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 7 of 13

RMA4 Step 2 - Determine if a Software Update is Required

Inform the Field Tech that the replacement unit that he is installing most likely has an older software version installed. Determine if you need the Field Tech to update the software version on the replacement unit by taking the Field Tech through the following steps:

1) Access the Administrative Console

Instruct the Field Tech to connect the FirePass directly to his laptop, using a crossover cable. Instruct the Field Tech to assign a static IP address to the Ethernet adapter on his laptop. Assign an unused IP address on the same subnet as the unit’s management port address.

Open a browser and enter https://<Management Port IP address> in the browser’s address bar, where <Management Port IP address> represents the management port IP address. A login screen will appear. Log in with a username and password of admin/admin.

2) Connect to the Serial Console and Reset Default Settings

a) Instruct the Field Tech to connect a serial cable between the Console port and his laptop’s serial port and open a TeraTerm session with the settings shown in Table 2. Log in with a username of maintenance and no password.

Table 2. Serial Port Settings

Setting Value

Baud Rate 19200

Data Bits 8

Parity Bits None

Stop Bit 1

Flow Control Hardware

Transmit Delay 0

b) Instruct the Field Tech to verify that the first screen shows the conditions that must be agreed to before proceeding. Review the conditions and press Enter to continue. A list of tasks is presented. Press 1 for Reset settings and/or admin password. Another list of options is presented. Press 1 again for Reset settings and admin password.

You are asked if you want to Reset the FirePass default values. Enter yes. You are asked if you want to Change the default FirePass IP settings. Enter yes.

At the prompt for FirePass server name, enter the fully qualified domain name of the FirePass, for example: firepass1.mycompany.com.

At the prompt for FirePass IP address, enter the IP address for the management port.

At the prompt for FirePass IP mask, enter the netmask for the management port’s IP address. At the prompt for DNS Server IP address, enter the IP address of the DNS server.

At the prompt for Gateway IP address, enter the IP address of the gateway.

You will be asked if the settings are correct. Enter no to make changes. Enter yes to proceed. The FirePass controller will reboot with the new settings.

RMA4 Step 2 - Upgrade the Base Software Version, if Required

1. Under Device Management, on the left hand side of the Administrative Console,

click on Current Settings. The software version and hotfixes installed are shown under FirePass Version and FirePass Hot-fixes, respectively. Determine if the proper software version has been installed.

FirePass NSE RMA4 Replacement Script

2. If you need to upgrade the base software version, have the Field Tech follow

these steps:

a. In the navigation pane, click Device Management, expand Security and click Timeouts. The Timeouts screen opens.

b. Temporarily change the Global inactivity timeout option to a large value, such as 8 hours, so that the upgrade process does not time out while downloading the image.

c. Disable all pop-up blockers in your web browser so that any generated error messages during the upgrade process (local upgrade or on-line upgrade) are displayed.

d. In the navigation pane, expand Maintenance and click Local Update. The Software Images screen opens.

e. Type F5Networks for the Password box.

f. For the File setting, click Browse. A dialog box opens.

g. Using the dialog box, browse to the location where you downloaded the software installer file (C:\F5 Downloads is the recommended folder).

h. Select the software installer file and click Submit. As an example, you would select FP6.10 -20091009.tar.gz.enc to install the base 6.102 version.

i. The upgrade will take a few minutes to complete. When finished, the FirePass controller will automatically reboot.

RMA4 Step 3 - Activate the License

After the system software has been restored, instruct the Field Tech to activate the license using the manual process by executing the following steps:

1. From a browser window, enter https://<Management Port IP address> in the

address bar. Log in with a username and password of admin/admin.

2. To activate the license, click on Maintenance and then Activate License.

a) In the Activate License section, enter the customer’s Base Registration Key and any Module

Registration Keys in the corresponding text boxes. Also provide the unit’s serial number, which starts with bip.

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 9 of 13

Figure 2: Licensing Options

i. Select the Manual radio button in the Registration Method area (see Figure 2), and click Request License.

ii. Copy the Product Dossier to your clipboard (Ctrl-a, Ctrl-c) (see Figure 3). iii. Move your laptop to an area where it has Internet access.

iv. Change the IP information of your laptop, if necessary, so that it can access the Internet. v. Click the link Click here to access F5 Licensing Server.

FirePass NSE RMA4 Replacement Script

Figure 3: Manual Licensing Options

vi. Paste the dossier into the Dossier text box (Ctrl-v), and click Next in the browser for the

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 11 of 13

Figure 4: Manual Licensing - Pasting the Dossier

vii. The license is generated. Click in the License text box and copy the license with the following key sequence: Ctrl-a, Ctrl-c (see Figure 5).

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script

FirePass NSE RMA4 Replacement Script Page 13 of 13

Figure 6: Manual Licensing - Paste the License

To complete the licensing process, instruct the Field Tech to reboot the unit. Upon successful reboot, instruct the Field Tech to re-connect cables to the management port and serial port.

The Field Tech is to leave any network cables or failover cables unconnected. Inform the Field Tech that the RMA4 process has been completed.