HA failover with no session lost is possible ?

If you're mirroring connections between the BIG-IPs then those connections should persist after failover. The general recommendation is for long lived connections like SSH and FTP that you would want to mirror those connections but for short lived connections like HTTP it's generally not worth the overhead.

You have to configure mirroring between the devices in the cluster and then enable it for each virtual server that you want to use it. It's not enabled by default.

Check out the following solution doc for far more information on the topic. SOL13478 - Overview of connection and persistence mirroring (11.x)

In addition to Mike answer, connection mirroring is not supported in combination with a Client SSL or Server SSL profile.

it seems ssl session mirroring in now possible: https://devcentral.f5.com/articles/the-top-ten-hardcore-f5-security-features-in-big-ip-116

now only connection mirroring :)

BTW: F5 web search team when i search for ssl session mirroring f5 i find a website posting the full article way before the actual page.

In BIG-IP 12.0.0 and later, you can configure the system to mirror Secure Socket Layer (SSL) connections that are terminated by the BIG-IP system to peer device group members. When you enable connection mirroring on a virtual server that references an SSL profile, the BIG-IP system mirrors SSL-specific data to the appropriate device group member. This preserves SSL connections when failover occurs.

The following configuration options are not supported for virtual servers configured to mirror SSL connections: •HTTP profiles (12.0.0 - 12.1.2)* •Server SSL profiles (12.0.0 - 12.1.2)* •UDP profiles •iRules (12.0.0 - 12.1.2)* •Other L7 features

*Support for these configuration options is introduced in BIG-IP 13.0.0.