For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gerald24's avatar
Gerald24
Icon for Altostratus rankAltostratus
Jul 20, 2022

Active/Active HA Setup

I have a question regarding HA Setup with Active/Active Setup. I want to perform sync in both devices without affecting the configured routes of Both F5. Do you have an idea how could I do it? I'm t...
application delivery
f5 ltm
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Jul 20, 2022

There is a way to put configuration objects (i.e. virtuals, pools,profiles) and file objects (i.e. certs/keys) into folders.

You would run your BIG-IPs not in a sync-failover device group, but in a sync-only device group.

To create the folder you might follow this example:

tmsh create sys folder allsites_synconly \
device-group devgroup_sync-only_all-sites \
traffic-group none
tmsh save sys config partitions all

Objects like certificates may be imported/assigned to a folder like this:

tmsh create sys file ssl-key allsites_synconly/cert_service.bit \
source-path file:/shared/service.bit/service.bit.key
tmsh create sys file ssl-cert allsites_synconly/cert_service.bit \ source-path file:/shared/service.bit/service.bit.crt

If you prefer using the TMUI, don´t forget to put the folder always in front of your objekt name, i.e.: