BIG-IP Sync-Failover - Sync Failed
Hi, In a project we're running a device-group in Sync-Failover* mode with Manual Sync type. After a change on the Active unit trying to sync from the Active unit to the device-group, Sync Failed with the information below: Sync Summary Status Sync Failed Summary A validation error occurred while syncing to a remote device Details Sync error on 2nd-unit: Load failed from 1st-unit 01070110:3: Node address 'node' is referenced by a member of pool 'pool'. Recommended action: Review the error message and determine corrective action on the device We're totally sure that nothing had been changed manually on the 2nd node, and both nodes were in sync before the change on 1st node. The Last Sync Type field for both nodes shows Manual Full Node. I couldn't find anything on this case; is it safe to just manipulate the configuration on the 2nd node and then sync from 2nd node to the device-group? Many thanks in advance!
Config sync for ASM module not impacting other modules
Hello experts, Need an advice how to properly sync ASM policy/configuration between different devices. I have an environment with a sync-failover cluster consisting of 2 F5 devices in each data centre so in total - 4 devices. Each cluster runs APM, LTM and ASM. What I want is to configure sync only between clusters for ASM module not impacting other modules. So if I make ASM change on a cluster in 1st DC the change is synced to 2nd DC cluster. All other changes for LTM/APM are synced between devices in the particular DC cluster only - not propagated between clusters in different DCs. Would this be possible? Is there any guide / KB to implement this? Thanks, RomanUsing the same 3rd party certificate for two devices in a device group?
I currently use self-signed certificates on my cluster of LTMs running 11.5.3. I would like to install 3rd party certificates. If I generate a certificate that has subject alternative names that include the individual hostnames for the two devices as well as the name of the floating IP, can I apply that certificate to both devices? Or will the device group sync have a problem with sharing a cluster with a device that has the same certificate? So if my two devices are "ltm-1.example.com" and "ltm-2.example.com" and the name of the floating IP is "ltm-active.example.com", I'd have a certificate for ltm-active.example.com with ltm-1.example.com and ltm-2.example.com as SANs and I would install the same cert/key pair on both devices. Thanks!