Jan 31, 2023

F5 HA - how to always gui login to active unit

Hi, we have 4 units in HA, many admins is using F5 to do some work on it. Sometimes units are switched between standby to become active. How to do to under one address or any other way to always log (admin gui page) to active unit so changes are not made by mistake on standby unit which few hours earlier was active unit

  • The Administrators should avoid making changes to the configuration during production hours to avoid unforseen incidents such as failover.

    Always plan and execute changes during down time or maintenance window.

  • As Greasy_Pretzel already pointed out: Implementing strong organizational practises are probably the best way to deal with your situation.

    If you are still looking for a simple way to have a unified entry point to always administrate the currently active cluster node, then adjust on one of your floating IPs the "Port Lockdown" setting to "Allow Default". 

    Add a DNS Record to the Floating-IP and you finally achived what you've asked for...

    Cheers, Kai

  • psajdakl If you are using the management interface to connect to your F5 devices you do not really have an option to always connect to the active unit and it is up to the admin making the changes to make sure they are logged into the active unit. If you are using the self-IPs of the network interfaces you can use the method that Kai_Wilke has mentioned to always connect to the active unit. Now keep in mind that it doesn't really matter which device you make the change on because you can sync the configuration from the current F5 unit to the group which will sync the configuration to the active unit in the HA group. The only time it really matters what unit you are logging into is if the device you logged into is in a failed state or if you are troubleshooting communication through the F5s because that traffic through the F5s only occurs on the active unit.