Forum Discussion

SergioPontes_36's avatar
Icon for Nimbostratus rankNimbostratus
Oct 05, 2018

ASM application security synchronization

When we are talking about an HA environment of two Big IPs with LTM and ASM operating, what would be the difference of the conventional configuration synchronization configuration for the application security synchronization ASM option?


My question is that even without enabling application security synchronization, the settings I had made on the active device had been replicated to standby.


5 Replies

  • nathe's avatar
    Icon for Cirrocumulus rankCirrocumulus

    Do you mean LTM changes or changes to an ASM policy? For the latter you would need ASM sync setup.


  • OK. I found it strange because I'm in version 14 and even without activating application security synchronization, the policies I created on the active device were replicated to Standby. Is there anything more specific that is updated if I enable application security synchronization?


    My question would be this. What is actually synchronized in the ASM module only with traditional HA configurations, and what is synchronized after I enable application security synchronization?


  • Did you verify that the actual ASM Policy content was synced, or was it just the policy name attached to an empty policy?

    An ASM policy consists of an entry in the

    , which just tells mcpd that there is an ASM policy of that name, and an ASM database entry.

    If mcpd sees ASM policy names in
    without the matching ASM database policy data, the policies will be auto-created as empty (and transparent) ASM policies.

    The actual policy configuration settings are stored by ASM in a mysql database - this is what is managed by ASM policy synchronization.

    I suspect that you managed to sync the policy names but not the Policy settings.

    Of course, it could be a new issue.