Update F5 GeoIP
IP Geolocation Database
Used to control access to the VPN based on the physical location of the user connection. The database is updated monthly and doesn’t interrupt service.
Prerequisites
- SSH access to the F5 device, via bash. (Beware the Azure NSG rules)
- Access to my.f5.com and “HM Courts & Tribunals Service” account to download the latest GeoIP database.
- SFTP client to upload the database to the F5 device.
Instructions
These steps can be performed during working hours as they do not interrupt service.
Pre-Update
Confirm your F5 VPN is not active before proceeding Log into the F5 Web Admin portal using a web browser and note the current version BIG-IP Confirm your admin user account has access to the F5 device via SSH and if any IP access restrictions are in place Log into the MyF5 portal and download the latest GeoIP database Goto Resources > Downloads Set GROUP as BIG-IP Set Product Line and Product Version as per your F5 device Set GEOLOCATIONUPDATES_Edge Download the latest GeoIP database zip file and md5 file
Update GeoIP database
The following steps are to be in the shared directory, which is different from the /usr/share directory, which contains the default GeoIP database files.
Use a SFTP client to upload the GeoIP database zip file to the F5 device Place the GeoIP database zip and md5 files in the /shared/tmp directory
Connect to the F5 device via SSH and run the following commands: “`
mkdir /shared/GeoIP_backup
cp -R /GeoIP/* /GeoIP_backup/
cd /shared/tmp
md5sum -c
unzip
This step will overwrite the update GeoIP database files, repeat for each rpm file in the zip archive geoip_update_data -f
geoip_lookup -f
Remove the now redundant zip, rpm and md5 files from temp directory rm -i