ASM - Attack Signature - Mismatch on Active and Standby
Here is the confirmation from F5 for reference.
1. The number of "signatures ready to be enforced" and "signatures have suggestions" are both related to traffic learning (Automatic Policy Builder, APB), which is built on real traffic passed through that device. Therefore, if the active and standby have different traffic traversing them, the suggestions provided by traffic learning will be different for sure.
2. Basically, the active device may normally have more suggestions, since more traffic is taken by the active device.
3. The learning suggestions of traffic learning are not synchronized by design, no matter whether ASM configuration synchronization is enabled or not.
4. ASM policies will be changed only after you manually accept the suggestion to change ASM policies or APB updates a BIG-IP ASM policy automatically. If the changes are applied to the ASM policies, then this configuration change of the ASM policies will be synchronized in the device cluster.
5. Therefore, the traffic processing will not have any difference, since the ASM policies are the same.
6. When you perform a failover, the suggestions which are already applied are in sync between the devices, but the number of suggestions will always be different on active and standby, and this is by design.
7. In general, Real Traffic Policy Builder can run on only one system per security policy. For example, you can set up automatic security policy building on one system that is a member of an ASM-enabled device group; the policy is built on that system and then automatically updated on all of the systems in the device group.