F5 HA issue as dependency is on FW

Question

Hi,
I am facing issue with F5 Failvoer.
Active Switch---&gt; Active F5---&gt;Active Firewall.
When Checkpoint Failover happens , F5 is forced to failover, as in this case F5 forced to Standby.&nbsp;
There is option of Fail Safe option in F5 which can monitor a particular interface connected to FW.
If incase interface VLAN 40 goes down  at FW or F5 , F5 will take care of Failover.&nbsp;
But, my question is sometimes FW failover occurs but FW interface connected to active F5 remains up.
In this case we have to forcefully make the F5 standby.
Because if automatic failover don't happens it will impact the business.&nbsp;

vijay_e · Answer

Failover in the upstream router/fw should not affect the downstream F5 as long as the configuration on the F5/FW/Routes are good. I think you need to revisit this and fix any possible issues. If you don't want to change this, you can try and explore the Gateway Failsafe option.

boneyard · Answer

i assume you are thinking about VLAN failsafe and that doesn't care if the interfaces goes up or down, it cares about seeing traffic on that VLAN.&nbsp;
what you want is kinda tricky, because how would the F5 know the status of the firewall? if the traffic does indeed fall away from a VLAN that would be enough, but if anything still happens there then it isn't. isn't it possible to add a switch layer between the firewalls and F5s so it doesn't matter which F5 is active?&nbsp;

Forum Discussion

F5 HA issue as dependency is on FW

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 GTM resolution issue

What Infrastructure Do You Depend On? - Jan 14th - 20th, 2023, F5 SIRT - This Week in Security

F5 virtual edition license issue.

Regex issue

F5 health 443 monitor issue with Atlassian Conluence