Forum Discussion

Nimbostratus

Dec 13, 2024

BIG IP Link failover happen but i try to link fallback

I have used LTM-DNS with AFM on BIG IP. For Internet outgoing I used wildcard VS link failover happens when wan1 is down it goes to wan2 but I want to link fallback when WAN1 comes up again. We no...

MVP

Dec 15, 2024

hi Prasad21l

Could you please share the configuration Flow.
For me I expect you have a Firewall Sandwich solution > we called it like that when BIGIP sits down between 2 firewalls but in this case you have two routers instead of Firewalls.

I will explain what I understood and let me know if I am correct:

1- you have wildcard Virtual server >> Traffic goes through it to internet.

2- you have pool with two members ( Wan1 & Wan2 )

3- you are configuring a transparent health monitor , to monitor bother of links.

So let me ask you here , do you use PGA "Priority Group Activation " on pool level or not ?
I need to know the Configuration criteria of choosing the active link and when it marks it disabled.

so let me know more about the context

Prasad21l
Nimbostratus
Dec 16, 2024
Hi Mohamed,
Thanks for the reply,
Flow f5-->switch-->FW-->SW-->DMZ

1- you have wildcard Virtual server >> Traffic goes through it to internet. ----- yes
2- you have pool with two members ( Wan1 & Wan2 ) ---- yes
3- you are configuring a transparent health monitor, to monitor bother of links. -- yes

No Priority Group Activation configured.
- Mohamed_Ahmed_Kansoh
  MVP
  Dec 16, 2024
  very well,
  
  I recommend using Priority group activation , please follow this article : https://my.f5.com/manage/s/article/K13525153
  
  this will let you leverage :
  
  1- Fault tolerance on Pool members level ( WAN1 & WAN2 ) , for example this selects WAN 1 as the primary and active link whereas WAN2 is standby in case of failures in WAN1.
  
  2- If an issue happened in WAN 1 "Active Link" , WAN 2 will carry over traffic , and when WAN 1 returns back , WAN1 will get the traffic again and WAN2 will be standby again automatically by default.
  By the way you can change this behavior and return traffic to WAN 1 manually if you wish in the future.
  
  3- Using this approach will give you the visibility and granular control for traffic flow.
  
  Try it and let me know.
Prasad21l
Nimbostratus
Jan 23, 2025
Yes, ISP Router --> F5-->SW(L2 for HA)-->FW-->SW-->DMZ
Also enabled PGA with Less than 1 option.
1- you have a wildcard Virtual server >> Traffic goes through it to the internet. --yes
2- you have a pool with two members ( Wan1 & Wan2 ) -- yes
3- you are configuring a transparent health monitor, to monitor the bother of links -- we enabled monitor on the pool.

Thanks
Prasad

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

BIG IP Link failover happen but i try to link fallback

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Replacing i2800 pair with new F5-BIG-AFM-r2800

SSH forward proxy

F5 CIS -> NGINX Plus Ingress Controller Integration

Can I use F5 Big-IP WAF as HoneyPot

Entra ID F5 APM MDM Intune integration compliance check

Related Content

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios

HTTPS passthrough fallback URL

Transparent Kerberos Authentication and APM fallback authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS