Manual Chapter : Using F5 SSL Orchestrator Preview Merge
Applies To:Show Versions
F5 SSL Orchestrator
- 16.0.1, 16.0.0
Using F5 SSL Orchestrator Preview Merge
Overview: About F5 SSL Orchestrator Preview Merge
Preview Mergeoption becomes available for previously deployed SSL Orchestrator configurations after a configuration is moved into the
Unprotected Configurationmode. Once a configuration is unprotected, changes made in any of the following configuration topologies (steps) are available for review and merge configuration options:
- SSL Configuration
- Interception Rule
- System Settings
After a configuration is in unprotected mode, the
Preview Merge Configoption appears even if no changes have been made.
Using the Preview Merge Configuration
The following content and steps provide information on when, and how, to use SSL Orchestrator’s
After deploying a configuration for the first time, SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. In the
Protected/Unprotected Config…column, a lock is present in
Protectedmode. At this time, you may make out-of-band changes to your deployed configuration. Do the following to update an existing configuration and use the
- Click on the lock icon in theProtected/Unprotected Config…column. TheUnprotect Configuration?pop-up message appears which allows you to modify objects for this instance outside of Guided Configuration.
- ClickOKto disable the lock so you may make unprotected configuration changes. ClickCancelto leave the configuration protected. When the lock is enabled, you may not make out-of-band changes to the configuration.If you clickOK, the configuration becomesUnprotected.
- With the configuration lock now disabled, click the Name of the unprotected configuration. The Summary screen appears and a greyed-outPreview Merge Configbutton becomes available. Out-of-band changes may now be made to this previously configured deployment.
- From the Summary screen, select one of the topology steps listed below and edit the configuration.ClickTopologyto edit and add additional content to theDescriptionfield that describes the configuration changes being made out-of-band. ClickSave & Next. The SSL Configuration screen appears. Make additional configuration changes and clickSave & Next. The Service screen appears. At the top of the screen, a message appears with the option toDeployorPreview Merge Config.Depending on which topology (step) you first select to update, the option to eitherDeployorPreview Merge Configwill appear as you move through the available steps.
- After making configuration changes to the available topologies (steps), the following message will appear at the top of the screen:Configuration has pending changes to deploy. Do you want to deploy now?The option to eitherDeployorPreview Merge Configappears.If you selectDeploy, the updated out-of-band configuration will deploy without providing you with a configure merge preview. If you selectPreview Merge Config, you may preview the configuration differences before deploying.
- ClickPreview Merge Config. The Preview Merge Configuration screen appears. At the top of the screen, the Preview Merge step appears in the Guided Configuration menu after Summary.
- Preview the details between the two objects based on the drop-down list options available:Devices,Object Type, orName:
- Devices: The list ofDevicesin the High Availability (HA) pair. If you want to preview the merge differences between two HA paired objects, select the second device from this list.
- Object Type: The different configuration object kind accessible from theObject Typelist. Select an object type to compare the differences between the previous configuration and the current configuration.
- Name: The list of device names accessible from theNamelist will change based on the selected object type selected in theObject Typelist. If there is only one object name for a selected object type, theNamelist will only show the name associated with that object type.
- The Preview Merge Configuration screen also provides two views:
- Previously deployed configuration (deployed object with changes made out of SSL Orchestrator UI)
- Currently deployed configuration (objects as deployed from SSL Orchestrator UI)
- As you preview the details between the two objects, color coded lines will indicate differences between the two configurations:
False negative indicators may appear at times as changed in the diff view (for example, a SSL Orchestrator configuration may show 0.0.0.0%0/0 while the configuration from MCP will be 0.0.0.0/0). In addition, certain sub-collection data may not be able to be viewed (for example, profiles attached to virtual).
- Blue highlight: Indicates differences between the previous configuration and the current configuration.
- Green highlight: Indicates information that is in only one of the configurations but not in the other.
- Red highlight: Indicates information that has been deleted from the previous configuration.
- After reviewing the configuration details, clickDeploy. The Deploy? pop-up screen appears:Any changes previously made while in Unprotected Configuration will be lost. To retain out-of-band changes, select.Merge Changesbefore you clickDeploy
- Perform one of the following options:
- Select theMerge Changescheck box and clickDeployif you want to merge configurations and retain out-of-band changes.
- ClickDeploy(leaving the Merge Changes check box unselected) if you want the retain the currently deployed configuration.
- After selectingDeployfor either option above, the Success pop-up message appears:Deployment was successfully completed. ClickOK. SSL Orchestrator returns to the main Configuration screen listing all deployed configurations.
- If you selected theMerge Changescheck box and clickDeploy, there is a potential for drift to occur (there may still be some changes that have not yet been integrated). Click on the Name of the configuration. The Summary screen appears.
- If thePreview Merge Configbutton remains greyed-out, continue with the next step.
- If thePreview Merge Configbutton is no longer present (and only theDeploybutton is available), the configuration merge was successful and does not contain potential drift.
- From the Summary screen, selectLog Settingsto edit. The Log Settings screen appears.
- From thePer-Request Policylist, selectAlertandSave & Next. The Summary screen appears with thePreview Merge Configbutton now available.
- ClickPreview Merge Config. The Preview Merge screen appears.
- ClickDeployafter reviewing the changes. The Deploy? pop-up message appears:Any changes previously made while in Unprotected Configuration will be lost. To retain out-of-band changes, select Merge Changes before you click Deploy.
- This time, do not select theMerge Changescheck box and clickDeploy. The Success pop-up message appears:Deployment was successfully completed.
- ClickOK. SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. The configuration lock for your configuration is again enabled and set toProtected.
- Click on the Name of the protected configuration. The Summary screen appears and thePreview Merge Configbutton is no longer visible as an option.
You have successfully merged the configurations and re-deployed.