Forum Discussion

williamtan
Mar 03, 2019

add HA failed

I'm trying to set up HA for 2 boxes, model 2000 (existing) and i2600 (new). I have created an HA VLAN and assigned IP addresses 1.1.1.1 and 1.1.1.2 to the boxes. Both can be pinged via mgmt IP and HA IP. After I add device trust on the existing box, I run list cm trust-domain and it shows status uninitialized.

 

4 Replies

  • Can you please provide the configuration of the items below from the new F5 web UI? I hope your issue is on the new F5 devices?

     

    traffic groups, device trust peer list, device trust local domain, device groups, devices

     

    I hope you have already tried removing the device from the peer list and reattaching it under the device peer list?

     

  • I have removed the device from the peer list and reset device trust, and I have tried adding the peer from the new F5 device CLI, but it is still the same.

     

    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos) list cm device
    cm device GTM {
        active-modules { "Global Traffic Manager Module|MPZCTSX-UHASURA|STP|GTM, DNS LB|DNS Express|DNS Rate Fallback, Unlimited|DNS Rate Limit, Unlimited QPS|DNS Licensed Objects, Unlimited|GTM Licensed Objects, Unlimited|GTM Rate, Unlimited|GTM Rate Fallback, (UNLIMITED)|GTM, DNS LB, MAX|SSL, 2000S" }
        base-mac 00:23:e9:5b:fb:00
        build 0.0.4
        cert dtdi.crt
        chassis-id f5-bpft-ugpb
        configsync-ip 1.1.1.1
        edition "Point Release 2"
        failover-state active
        hostname GTM
        key dtdi.key
        management-ip 10.188.183.21
        marketing-name "BIG-IP 2000"
        mirror-ip 1.1.1.1
        optional-modules {
            "2000S, Performance Upgrade"
            "AFM, 2000"
            "App Mode (TMSH Only, No Root/Bash)"
            "ASM, PSM to ASM Upgrade"
            "ASM, Unlimited"
            "BIG-IP, Multicast Routing"
            DNSSEC
            "External Interface and Network HSM"
            "IP Intelligence, 1Yr, 1600"
            "IP Intelligence, 1Yr, 2XXX/i2XXX/3600"
            "IP Intelligence, 3Yr, 1600"
            "IP Intelligence, 3Yr, 2XXX/i2XXX/3600"
            "IPV6 Gateway"
            "LTM, 2000"
            "LTM, GTM, ASM, APM 100 CCU, AAM, AFM (2000)"
            MSM
            "Routing Bundle"
            "SDN Services"
            "Secure Web Gateway, 1Yr, 2000S/I26XX"
            "Secure Web Gateway, 3Yr, 2000S/I26XX"
            "SSL, Forward Proxy"
            "URL Filtering, 1Yr, 2000s/i26XX"
            "URL Filtering, 3Yr, 2000S/I26XX"
        }
        platform-id C112
        product BIG-IP
        self-device true
        time-zone Asia/Kuala_Lumpur
        unicast-address {
            {
                effective-ip 1.1.1.1
                effective-port cap
                ip 1.1.1.1
            }
        }
        version 12.1.3.2
    }
    cm device NEWGTM {
        configsync-ip 1.1.1.2
        management-ip 10.188.183.29
    }
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos)
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos) list cm device-group
    cm device-group CONFIG-SYNC-FAILOVER {
        auto-sync enabled
        type sync-failover
    }
    cm device-group device_trust_group {
        auto-sync enabled
        devices {
            GTM { }
            NEWGTM { }
        }
        network-failover disabled
    }
    cm device-group gtm {
        devices {
            GTM { }
        }
        network-failover disabled
    }
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos)
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos) list cm trust-domain
    cm trust-domain Root {
        ca-cert dtca.crt
        ca-cert-bundle dtca-bundle.crt
        ca-devices { /Common/NEWGTM /Common/GTM }
        ca-key dtca.key
        status uninitialized
        trust-group device_trust_group
    }
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos)
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos) list cm trust-domain trust-group
    cm trust-domain Root {
        trust-group device_trust_group
    }
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos)
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos) list cm traffic-group
    cm traffic-group traffic-group-1 {
        unit-id 1
    }
    cm traffic-group traffic-group-local-only {
        is-floating false
    }
    root@(GTM)(cfg-sync Disconnected (Trust Domain Only))(Active)(/Common)(tmos)

     

  • It looks like you have added both GTM and NEWGTM to the local trust domain correctly (in the CLI prompt you can see Trust Domain Only).

    It looks like you just need to now add the GTMs to the CONFIG-SYNC-FAILOVER device group

    tmsh modify cm device-group CONFIG-SYNC-FAILOVER devices add { GTM NEWGTM }

  • I found the root cause. The GTM had a packet filter rule configured that did not allow any traffic to go through VLAN HA. I was able to sync the configuration after adding a rule. Thank you for all your effort. Really appreciate it.
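
Added example, not part of the thread and not F5 code: the root cause above shows that a successful ping over the HA VLAN does not prove the sync channel is open, so this sketch probes the TCP port separately. The port number 4353 is assumed from F5's documented ConfigSync default (the thread does not state it), and the names `probe_tcp` and `diagnose` are hypothetical.

```python
import socket

# Assumption (F5's documented default, not stated in the thread): device trust
# and ConfigSync talk TCP 4353 between the configsync-ip addresses.
CONFIGSYNC_PORT = 4353

def probe_tcp(host, port=CONFIGSYNC_PORT, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"    # RST received: reachable, but closed or rejected
    except OSError:
        return "filtered"   # timeout or unreachable: dropped along the path
    finally:
        sock.close()

def diagnose(ping_ok, tcp_state):
    """Combine the ICMP result with the TCP result into a finding."""
    if tcp_state == "open":
        return "sync port reachable: look at trust/device-group config"
    if ping_ok:
        return ("ICMP passes but TCP %s: check packet filter rules "
                "on the HA VLAN" % tcp_state)
    return "no L3 reachability: check VLAN, self IP and cabling"

if __name__ == "__main__":
    peer = "1.1.1.2"  # peer HA address from the thread
    state = probe_tcp(peer)
    # ping_ok=True mirrors the thread: both HA IPs answered ping
    print(peer, CONFIGSYNC_PORT, state, "->", diagnose(True, state))
```

Run it with Python 3 from a host on the HA VLAN; a "filtered" result alongside working ping matches the packet filter symptom described in the last reply.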