Forum Discussion
Hello Venkatesh,
Yes, all configuration should be synced. Just pay attention, that for full ASM sync you need to specify Device Group on "Security ›› Options : Application Security : Synchronization : Application Security Synchronization"
Thanks, Ivan
- Venkatesh_786Jun 25, 2020Altostratus
Dear Ivan,
Thanks for the reply.
For your update we have performed the migration activity from s4000 platform to new i4600 platform a couple of days before following below steps:
>We forced offline one standby device in an existing HA pair of s4000 Platform. Performed device trust reset to break the existing HA.
>Disconnected all network interface cables and connected it to one of the new platforms (i4600), which was also in forced offline state to prevent it from going active in the middle of the activity.
>Rebuild HA by adding a new i4600 platform to s4000's device trust and device groups. Performed Config-sync from s4000 to i4600 platform (we decided to fail-over the traffic to i4600 once config-sync is successfully).
Sync Issue Encountered:-
Sync error on <hostname_of_i4600>: Load failedfrom /Comman/<hostname_of_s4000> 01b9000f:3: This platform doesn't support DoS hardware capability, which is needed to disable this sys db variable.
Recommendation from Support Team:-
We got an update from a support Team that there is some compatibility issue as the DoS sys db variable is set to "false" in s4000 and the same is set to "true" in i4600. To perform Config-sync, we should change the DoS sys db variable value to "true" in s4000 as we cannot change it to "false" in i4600.
Also, Support Team committed the change might cause increase in cpu usage on s4000 platform and till the recommendation arrived we have already crossed the downtime limit and we did not know till what extent the high cpu usage will impact or occur so we decided to roll-back the activity and rescheduled it once we get a proper resolution.
i just thought to share you the history. can you provide some clarifications on my below point if possible for you..??
- what is the functionality difference between DoS sys db variable value set to "true" and DoS sys db variable value set to "false"....??
- As the sync-fail-over-group status was showing "Sync failed". so in this case, it is clear that sync will fail but just wanted to confirm will fail-over works in this state..??
Thanks & Regards,
Venkatesh Mudiraj
- Ivan_ChernenkiiJun 25, 2020Employee
Hello Venkatesh,
- As I understand, here we have problem with hardware DoS, which is AFM and not ASM module. For more details you can look at https://cdn.f5.com/product/bugtracker/ID713707.html and https://cdn.f5.com/product/bugtracker/ID787969.html
- Yes, I think fail-over will work, but as we have sync failed, then behavior can be changed after fail-over, because configuration can be different.
Thanks, Ivan
- Venkatesh_786Jun 27, 2020Altostratus
Thanks Ivan.