cslefort_299593
Feb 07, 2017

ASM policies in High Availability not synchronizing

Good day,

 

I have a pair of F5 in an Active\Standby pair. My configurations are synchronizing across devices, except for security policies of ASM.

 

The standby F5 is not displaying all "Inactive policies"; the version date on the standby F5 is months old, while the active was updated this morning.

 

The standby F5 has an error message on the active policies "you must configure the security policy before you can access it"

 

I created a brand new security policy on Active F5 this morning. It automatically appeared on Standby F5. The message "you must configure the security policy before you can access it" still appears on Standby F5. I completed the policy on standby (running through wizard). The error message disappeared. I modified the Enforcement mode on the Active F5 and applied policy, but it does not update on the Standby F5. Active F5 is now Transparent for this policy, while standby is Blocking.

 

The self-ip for the HA interface has an allow-all port lockdown. I have also tried using default+(TCP 6123-6128)

 

Config Sync, device mirroring all look ok in System--High Availability menu on both F5

 

Any help would be appreciated

 

1 Reply

  • nathe

    cslefort,

     

    Have you set up an Application Security Sync? Dependent on version, it should be Security - Options - Application Security - Synchronization. Select your existing Device Group.

     

    Hope this helps,

     

    N