Forum Discussion

SergioPontes_36
Oct 05, 2018

ASM application security synchronization

When we are talking about an HA environment of two BIG-IPs with LTM and ASM operating, what would be the difference between the conventional configuration synchronization and the ASM application security synchronization option?

 

My question is that even without enabling application security synchronization, the settings I had made on the active device had been replicated to standby.

 

5 Replies

  • nathe

    Do you mean LTM changes or changes to an ASM policy? For the latter you would need ASM sync setup.

     

  • OK. I found it strange because I'm in version 14 and even without activating application security synchronization, the policies I created on the active device were replicated to Standby. Is there anything more specific that is updated if I enable application security synchronization?

     

    My question would be this. What is actually synchronized in the ASM module only with traditional HA configurations, and what is synchronized after I enable application security synchronization?

     

  • Did you verify that the actual ASM Policy content was synced, or was it just the policy name attached to an empty policy?

    An ASM policy consists of an entry in the bigip.conf, which just tells mcpd that there is an ASM policy of that name, and an ASM database entry.

    If mcpd sees ASM policy names in bigip.conf without the matching ASM database policy data, the policies will be auto-created as empty (and transparent) ASM policies.

    The actual policy configuration settings are stored by ASM in a MySQL database - this is what is managed by ASM policy synchronization.

    I suspect that you managed to sync the policy names but not the Policy settings.

    Of course, it could be a new issue.