Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

1Tamad's avatar
1Tamad
Icon for Nimbostratus rankNimbostratus
Jul 13, 2022

Temporary reroute of web traffic

We are doing break/fix on a server that will include a reboot. Server admins are asking us to confirm that all web requests will be routed to a secondary server during the change window. Once we are...
application delivery
security
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Jul 14, 2022

Step 4 of your solution may be avoided by setting your pool to "action on service down" to "reset".

OneConnect may help as well (applies to virtual servers with SSL-termination and http-profile only!) to reroute traffic in case the poolmember becomes unavailable.

Patrik_Jonsson's avatar
Patrik_Jonsson
Icon for MVP rankMVP
Jul 22, 2022

The elite of DC has spoken but I just wanted to add a small note on OneConnect. It's an awesome feature but you should be aware of some things if the following conditions are true:

  • You are not source NAT:ing your traffic already
  • You depend on source IPs in your server logs (most people do)
  • You want to enable OneConnect

Then make sure that the X-Forwarded-For headers are inserted on the F5 and that the servers can read them. Otherwise you'll see some strange traffic patterns in the server logs. 🙂

More about XFF here:
https://support.f5.com/csp/article/K4816

Kind regards,
Patrik

Related Content