For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

manjunath_sing1's avatar
manjunath_sing1
Icon for Nimbostratus rankNimbostratus
Mar 30, 2016

ASM Policy Sync to DR Location with out LTM configuration

We have two F5 devices with LTM+ASM in Prod and one LTM+ASM in DR all running same version. We have configured PROD in sync-failover hence replication of LTM and ASM configuration takes place from one device to other locally in DC. We have DR LTM+ASM with the same services hosted as in PROD, but the name of virtual server, pool name, node IP varies from DC. We are looking for a option to sync ASM policy elements from DC to DR with out repleting LTM configurations. i.e only ASM configuration are synced. We have mapped the policy to DR virtual servers manually.

 

Currently we are manually exporting ASM Policy from DC and importing in DR and merging the differences. But as production policy changes are not tracked or scheduled we forget to export and import in DR thus DR policy is not up to update. In case to DR fail-over ASM policy impacts the service as it block the request.

 

Please let us know if there is any automated/scheduled way to sync only ASM policy elements.

 

ASM Advanced WAF
security

1 Reply

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Mar 31, 2016

    You would need to configure an ASM sync only group and add all four devices (assuming two in your data center, and two in disaster recovery) to this device group. If you set this to Autosync, then when changes are made to your ASM they would automatically be distributed to all of your devices. As it is not a failover group, traffic objects will not be synced.