F5 cluster not syncing connections

Question

Hello,&nbsp;
I have F5 cluster with active/active config and two traffic groups.&nbsp;
The first problem I see is that there is no syncing for firewall rules, only config related to LTM is being synced.
The second problem is there's no syncing of connection states between devices. Every time I do a fail-over connections are being dropped because the state is not good.&nbsp;
I'm fairly new with F5 so anything can be of importance here. I have some feeling that everything related to firewall function is not being synced.&nbsp;
Here's the info on the devices and OS:&nbsp;
Platform Name BIG-IP vCMP Guest
Software Version BIG-IP v11.6.0 (Build 4.0.420) &nbsp;
Thanks!&nbsp;
Bojan&nbsp;

nathe · Answer

Bojan,&nbsp;
When you say firewall rules do you mean AFM rules? This should get synced across devices. If you mean ASM then you need to create a specific Synchronisation Group in the ASM part of the GUI.&nbsp;
In regards connections been dropped on failover. By default the connection table is not mirrored to another LTM. To enable this you need to do this on a per-virtual server basis. Check the properties of a virtual server and you should see a connection mirroring check box.
There is a warning, however, about increased network traffic.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

bojan_sukalo_20 · Answer

Hello Nathan,&nbsp;
Thank You very much for your prompt answer.&nbsp;
When I say firewall rules, I mean the rules under Security, Network Firewall, Active rules.&nbsp;
I could not find the option for syncing connection on vhosts. &nbsp;
These are resources provisioned if that means anything to you.&nbsp;
AFM Nominal
AM None
APM None
ASM None
AVR None
FPS None
GTM Nominal
LC None
LTM Nominal
SWG None &nbsp;
In any case, I appreciate the effort you took so far to answer me.&nbsp;
Bojan&nbsp;

nathe · Answer

is AFM provisioned on both boxes? any errors in the logs when doing a config sync?&nbsp;

bojan_sukalo_20 · Answer

Hello Nathan, yes it is.&nbsp;
vBIG-IP1 BIG-IP 11.6.0 4.0.420 HD1.2 AFM, GTM, LTM Active No
vBIG-IP2 BIG-IP 11.6.0 4.0.420 HD1.2 AFM, GTM, LTM Active No&nbsp;
What baffles me is that I don't know whether also physical hosts need to be in sync state. They are now working as standalone.&nbsp;
As for v hosts, everything seems fine
Failover_Group[In Sync] 2Sync-FailoverManual
device_trust_group[In Sync] 2Sync-OnlyAuto&nbsp;
Both devices are "green". Anything done under LTM is synced to both nodes.&nbsp;
Cheers!&nbsp;
Bojan&nbsp;

nathe · Answer

What baffles me is that I don't know whether also physical hosts need to be in sync state. They are now working as standalone.
The vcmp hosts will be standalone, you pair up the guests on the two hosts.
Any errors on the other vcmp guest during a sync?
N

Forum Discussion

F5 cluster not syncing connections

8 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

2026 is Almost Here

Related Content

Use F5 Distributed Cloud to Connect Apps Running in Multiple Clusters and Sites

Integrating with your IPv6 Kubernetes Cluster

F5 BIG-IP deployment with OpenShift - multi-cluster architectures

Sync-failover group doesn't sync properly

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS