Forum Discussion

Nimbostratus

Oct 29, 2017

APM Policy Sync

Good Day everyone !! We have F5's deployed at 4 DC's in active/standby mode so total of 8 devices , we are using Access Policy Module for Remote access VPN solution.This was designed by our engi...

application delivery

BIG-IP Access Policy Manager (APM)

security

TMOS

Roman_B_248530

Nimbostratus

Nov 06, 2018

Hello experts,

I have been searching for an answer to similar question. I need to clarify that by configuring config-sync for ASM doesn't impact other modules - LTM/APM that live on the same F5 box. I have an environment with a sync-failover cluster consisting of 2 F5 devices in each data centre so in total - 4 devices. Each cluster runs APM, LTM and ASM.

What I want is to configure sync only between clusters for ASM module not impacting other modules. So if I make ASM change on a cluster in 1st DC the change is synced to 2nd DC cluster. All other changes for LTM/APM are synced between devices in the particular DC cluster only - not propagated between clusters in different DCs.

If I add other boxes with ASM in a separate config-sync device group and refer to this group in "Security ›› Options : Application Security : Synchronization : Application Security Synchronization" section, will that sync ASM data not impacting LTM and APM? Can someone please confirm?

Leonardo_Souza
Cirrocumulus
Nov 06, 2018
It should work with a sync-only device group with the 4 devices, and you then select that device group in the ASM.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM Policy Sync

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Problem with sending BotDefense logs to remote server

Change Content-Type from application/octet-stream to multipart/form-data

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Related Content

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM-DHCP Access Policy Example and Detailed Instructions

Syncing F5 APM Policies Across Cloud Regions or Datacenters

Security Policy not syncing between devices

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS