Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM policy sync issue

Hi,

i have configured ASM in HA. everything was working fine as far as concern with LTM and ASM.i logged in box after some days and found that in active box ASM policies were in transparent mode but in standby box all polices were in block mode. i am shocked to see this. how it is possible.

0
Rate this Question
Comments on this Question
Comment made 26-Apr-2018 by G. Scott Harris 1648

Have you enabled ASM sync? Security>Options>Application Security>Synchronization. If this is not enabled I believe the policy names will sync but their configuration does not.

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Check G.Scott's recommendation 1st. That's the obvious one, most likely.

If that doesn't apply, consider flushing ASM's DB on the Standby unit. Don't forget to take a UCS backup for safety reasons: https://support.f5.com/csp/article/K6992

  • When DB has been reset on Standby unit, manually enable ASM sync (the same as in 1st recommendation), and initiate a sync from Active to Standby. This initial sync could take up to 5 minutes if you have a hundred policies. After initial sync, all is back to normal.

This will eliminate blocking conflicts in ASM's MySQL DB and a seamless sync can take place. Those issues are rare, caused by very circumstantial bugs. Last time I did this procedure with BigIP v12.1 half a year ago. When you're not in a rush to restore sync, consider contacting F5 support so they can have a look and see if there are any un-addressed bugs.

0