Steps to update the WAF Cluster in Amazon Web Services
- Before proceeding with the firmware update, ensure that you take a manual backup of the WAF configuration and save it in your preferred location.
- Download the firmware on both the units. Refer to the steps to update the firmware.
- Consider one of the units from the WAF cluster (WAF unit from which join cluster operation is initiated) and detach it from the load balancer back-end address pools. Make sure that all the service IP configurations from this WAF are removed from the corresponding load balancer backend address pools. At this point, the other WAF in the cluster will be serving the traffic.
- On the unit that is detached from the load balancer, apply the downloaded firmware.
- After the firmware is successfully updated, verify the services and make sure that WAF has no issues and the configuration is intact.
- Add the detached services IP configurations back to the corresponding load balancer backend address pools. Verify access logs for services on both the WAFs to make sure that the incoming requests are served without any failures.
Repeat the above procedure for the other WAFs in the cluster which is to be updated. (Detach the services from the Load Balancer Backend address pools, apply the firmware, verify the health and configuration post update, put the services IP configurations back to the corresponding load balancer backend address pools and verify access logs for services on both the units).