Forum Discussion
NimbostratusSpecific ASM Policy Synchronization between Active - Active Data Centers
By using GTM, Active - Active Data Center is running in our environment and the separate ASM policy is applied to each data center. In DC, there are two ASM policy for each specific services but in DR, there are only one. For example, Let be 'A' named ASM policy for service A and 'B' named ASM policy for Service B in DC and 'A' name ASM policy for Service A in DR. I have implemented by exporting ASM policy from DC and then import to DR. Some clients access go to DC and some go to DR. In that case, some parameters are learnt by ASM in DC but not in DR. I have to be exactly same ASM policy between DC and DR.
Could I implement only one ASM policy synchronization between DC and DR? Please advice me and point me out if you all have experience like that environment. I've attached sample diagram for that.
I'm looking forward your help and advice.
Thanks,
Htoo Htoo
1 Reply
natheCirrocumulus
Could you setup a Sync Only Device Group and include all 3 BIG-IPs in this group. Once done configure the "Application Security Synchronization" to use this Sync Only Group. This way all 3 BIG-IPs will have the same ASM policy/configuration.
See the following for help (not sure of you're TMOS version but this should be standard info):
Section "Overview: Synchronizing ASM systems for disaster recovery"
Hope this helps,
N
