Creating an Active-Standby Configuration without Using the Setup Utility

I think on tmos 11.5 there is a new feature so you can run just the DSC setup wizard (ie HA). If you're not on that version then you'll have to do it manually. Setup the base networking on the new box, configure failover settings on both (configsync, mirroring and failover) and then on one configure the device group.

Thanks for the answer Nathan. But I cannot configure the failover settings without running the setup utility. The only thing I see in the System-->High Availability is the Fail-Safe settings. The only way I found to enable the "Ha Group" and Device Connectivity" options is by using the Setup utility.

You can do it manually -

SOL13649: Creating a device group using the Configuration utility

Generic instructions from my experience and memory:

pre-work - ensure the new device has all needed local device and network configuration. ensure there's a working NTP server configured on each F5, ensure each f5 has a valid device certificate, reset device trust on each F5 (Device Management | Device Trust | Local Domain, Reset Device Trust (generate new self-signed authority). make sure you've backed up your configs and that you can sustain an outage during the timeframe that you decide to configure HA (never know what will happen)

1. Specify config sync address on each device - Device Management | Devices, click on "self" | Device Connectivity | Config sync - specify that local address that you want each device to use for config-sync operations
2. Specify network failover addresses on each device - Device Management | Devices, click on "self" | Device Connectivity | Network failover - add local IP addresses that you want each device to use for network failover communication - usually at least one self-IP-address and the management address of the local device
3. Specify mirroring address on each device - Device Management | Devices, click on "self" | Device Connectivity | Mirroring - select the local IP address to use when any type of mirroring is configured in the F5 configuration
4. On primary device, add second device to device trust peer list - Device Management | Device Trust | Peer List | Add... - enter information of second device. once complete, check that primary device exists in secondary device's device trust peer list (should happen automatically)
5. Create device group on primary device and add both devices - Device Management | Device Groups | Create... - create a Sync-Failover group and add both Devices. once complete, check that the device group exists in secondary device's device group list (should happen automatically)

You can do it manually -

SOL13649: Creating a device group using the Configuration utility

Generic instructions from my experience and memory:

pre-work - ensure the new device has all needed local device and network configuration. ensure there's a working NTP server configured on each F5, ensure each f5 has a valid device certificate, reset device trust on each F5 (Device Management | Device Trust | Local Domain, Reset Device Trust (generate new self-signed authority). make sure you've backed up your configs and that you can sustain an outage during the timeframe that you decide to configure HA (never know what will happen)

1. Specify config sync address on each device - Device Management | Devices, click on "self" | Device Connectivity | Config sync - specify that local address that you want each device to use for config-sync operations
2. Specify network failover addresses on each device - Device Management | Devices, click on "self" | Device Connectivity | Network failover - add local IP addresses that you want each device to use for network failover communication - usually at least one self-IP-address and the management address of the local device
3. Specify mirroring address on each device - Device Management | Devices, click on "self" | Device Connectivity | Mirroring - select the local IP address to use when any type of mirroring is configured in the F5 configuration
4. On primary device, add second device to device trust peer list - Device Management | Device Trust | Peer List | Add... - enter information of second device. once complete, check that primary device exists in secondary device's device trust peer list (should happen automatically)
5. Create device group on primary device and add both devices - Device Management | Device Groups | Create... - create a Sync-Failover group and add both Devices. once complete, check that the device group exists in secondary device's device group list (should happen automatically)

I am facing the same doubts right now, I would love to know what you ended up doing netadmindetail ?

hey Krafes,

I don't know if this will help you out since it so late, but the proccess that Nathan and Shaggy explained does work. I had just gone through upgradeing a bunch of F5 LTMs from v10, some with hardware migrations, and had to build the device groups from scratch. Hope that helps with your doubts.

KHarsma