Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

David_Saw_24368's avatar
David_Saw_24368
Icon for Nimbostratus rankNimbostratus
Sep 15, 2018

Pool Member disable/forced offline behaviour

Hi Guys, I have a scenario as below: - Client tries to connect to Outlook and get a password prompt - Found out the pool member health monitor is showing UP but actual server services (r...
application delivery
LTM
Philip_Jonsson's avatar
Philip_Jonsson
Icon for MVP rankMVP
Sep 16, 2018

1. When pool member is set to Disabled/Forced offline, any new connection requests will be RST. Any existing active/persistent connections will remain connected until time out? If so, the timeout will be from client or F5 perspective?

 

First of, the difference between Disabled and Forced Offline:

 

Disabled:

 

When you set a node or pool member as disabled the following connections are still allowed to communicate:

 

  • Active Connections
  • Persistent Connections

When using disabled, the pool member or node will be slowly taken out of service ensuring the minimal impact of the clients. So long as the client has persistence to the pool member or node they can still access it which can sometimes be a problem. For instance, if the virtual server is configured with cookie persistence with an expiration of 7 days, it will take an entire week for all connections to time out and eventually end up at another pool member/node.

 

Forced Offline:

 

When a pool member or node is set to Forced Offline the following connections are still allowed to communicate:

 

  • Active Connections

When you need to quickly take a pool member or node offline then the Forced Offline is a far better option. An example would be that you are experiencing a problem on the end-server as the service has crashed and will not come back online again. When this happen, you should set the pool member/node as Forced Offline.

 

When it comes to the Active Connections, these are based upon the connection table of the BIG-IP. So if you set the pool member/node to Forced Offline and delete all of its related connections in the connection table, it will surely not receive any additional traffic.

 

2. By manually purging the sys connection "delete sys connection cs-client-addr ", does it entirely help to kill off all active/existing connection too? Does it really work and is it a clean way to purge?

 

Absolutely, I do not know another way to purge connections other than the tmsh command. You can specify the cs-server-addr as well so you don't kill off all of the connections the client might have to the BIG-IP.

 

3. Another way to purge the active/existing connection would be to close the Outlook app and reopen. Then it will hit the F5 VIP and gets served to other working pool members.

 

I'm not sure how the Outlook App works, but if it kills the active connection then that would be a way around it as well. But it would be as easy for you to run the tmsh delete sys connection command than asking everyone to restart their Outlook App. :)

 

Hope this helps! Let me know if you have any further questions :).