CirrusHi,
a Fortigate WAF was inserted into our network infrastructure before the F5 balancer.
Now, the problem is this: we have two F5s in active/standby, when load balancer 1 is the active one, calls via the WAF have excessive latency; when load balancer 2 is active, however, communication is normal.
The two balancers are perfectly equal.
Have anyone any suggestions on what to investigate to resolve the issue?
Thanks, regards
MVPpacket captures on different places in the path. try to find where the latency is caused. if it is the F5 itself you can certainly contact support to look into that further.
does all traffic go through the FortiGate WAF? if not it is interesting to see if there is a difference there.
MVPprobably there is L1-L2 problem between the waf and f5lb1.
have you check the ping from waf to client-side self IPs?
Hi Romolo82,
Please compare the self IP of both the LTMs, and see the default port lockdown settings, and see what port setting is allowed on those each self IP.
Check and compare all the self IP allows service details on both the working and non working F5.
Network section related setting including Self IP settings do not copy/sync from one box to another in HA setup, only LTM section or other config get replicated, so check if there is any config mismatch in Self IP settings. Details which are not visible from GUI. only CLI you can get these settings to compare further
list /net self
This will result in an output that looks like the following:
net self internal {
address 10.10.10.1/24
allow-service all
traffic-group traffic-group-local-only
vlan internal_vlan
}
https://my.f5.com/manage/s/article/K17333
🙏
