ASM blocks all whitelisted URLs and parameters on the standby device
ASM blocks all whitelisted URLs and parameters on the standby device, but allows them on the active device. If I fail over to the standby device, my website doesn't work, whereas it works fine if I fail back to my active device.
I have checked the number of whitelisted URLs and parameters on both devices and they are the same. I have tried to check the sync, so I created a security policy (test_policy) on the active device in transparent mode, and then I checked the standby device: (test_policy) exists, but in blocking mode, not transparent. I don't know why it has been changed.
Also, I created a security policy (test_policy2) on the active device in blocking mode, and then I checked the standby device: (test_policy2) exists, in blocking mode too. It remains as it is.
While checking the learning and blocking settings on both devices, I noticed that the default microservices setting is transparent on the active device and blocking on the standby device. I don't know if this is the issue.
I have checked the ASM logs on the standby device and I found something like the below:
ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Expected size of /ts/var/sync/sync_xxxxxxxxx__full_update (256769544) does not match actual size (139853824)
ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::spawn_relay_handler): Error during 'sync_receive_file_part' while in sync recovery state. Giving up. State may be inconsistent with other peers.
Have you followed article https://support.f5.com/csp/article/K12200102?
You can also do a full sync to clear any issues:
Also, sometimes the incremental cache of 1024 for incremental sync needs to be increased, to 2048 for example, to stop such issues:
I would also suggest checking the F5 bug tracker and release notes, and uploading a qkview to iHealth for your error, as your version may have a bug, like an ASM BIG-IP process (for example asm_config_server) needing a restart with bigstart (https://support.f5.com/csp/article/K9073), etc.
Example release notes:
Just as a security note: your policy being in transparent mode on the active device is normal for the F5 device to not block the traffic, but this means that you had a security risk till now, so just to know that! Better to clear the false positives and set the policy to blocking on the active and standby devices:
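The two log messages quoted in the question are the signature of a failed ASM policy sync: the full-update file that the active unit pushed arrived truncated on the standby, and asm_config_server rolled the sync back and gave up. The following shell script, added here as an example and not code from this thread or from F5, scans ASM log text for that signature and reports the error count, the byte gap between the expected and received sync file, and whether ASM declared its state inconsistent with its peers. The sample log lines are constructed from the messages in the question (hostname and timestamps are placeholders), so the script runs without a BIG-IP; the remediation commands at the end are listed as comments and their device-group name is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread or from F5): scan ASM log text, such as
# the content of /var/log/asm on the standby unit, for the policy-sync failure
# quoted in the question and summarise it.

# Constructed sample: the two messages from the question plus one unrelated line.
# Hostname and timestamps are placeholders.
ASM_LOG_SAMPLE="Jan 01 00:00:01 standby-unit ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Expected size of /ts/var/sync/sync_xxxxxxxxx__full_update (256769544) does not match actual size (139853824)
Jan 01 00:00:02 standby-unit ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::spawn_relay_handler): Error during 'sync_receive_file_part' while in sync recovery state. Giving up. State may be inconsistent with other peers.
Jan 01 00:00:03 standby-unit ASM subsystem info: heartbeat ok"

# Number of ASM subsystem errors raised by asm_config_server in the log text $1.
asm_sync_error_count() {
    printf '%s\n' "$1" | grep -c 'ASM subsystem error (asm_config_server.pl' || true
}

# Prints "<expected> <actual>" from the first size-mismatch line, or nothing if none.
asm_sync_sizes() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Expected size of .* (\([0-9][0-9]*\)) does not match actual size (\([0-9][0-9]*\)).*/\1 \2/p' \
      | head -n 1
}

# Bytes missing from the received sync file (expected minus actual); 0 if no mismatch.
asm_sync_size_gap() {
    sizes=$(asm_sync_sizes "$1")
    [ -n "$sizes" ] || { echo 0; return; }
    set -- $sizes
    echo $(( $1 - $2 ))
}

# "INCONSISTENT" when ASM reports it gave up on sync recovery, otherwise "OK".
asm_sync_state() {
    if printf '%s\n' "$1" | grep -q 'State may be inconsistent with other peers'; then
        echo INCONSISTENT
    else
        echo OK
    fi
}

# Human-readable summary of the three checks above.
asm_sync_report() {
    echo "sync errors : $(asm_sync_error_count "$1")"
    echo "size gap    : $(asm_sync_size_gap "$1") bytes"
    echo "sync state  : $(asm_sync_state "$1")"
}

asm_sync_report "$ASM_LOG_SAMPLE"

# Remediation steps from the answer above, as commands run on the ACTIVE unit.
# Kept as comments so this file runs without a BIG-IP; <device-group> is a placeholder.
#   tmsh run /cm config-sync force-full-load-push to-group <device-group>
#   tmsh modify /cm device-group <device-group> incremental-config-sync-size-max 2048
#   bigstart restart asm_config_server   # only if the error persists after a full sync
```

Run it against the real log with `asm_sync_report "$(cat /var/log/asm)"` on the standby unit; a non-zero size gap together with an INCONSISTENT state means the standby's policy set (including the whitelist and enforcement modes) cannot be trusted to match the active unit until a full sync completes cleanly.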