Forum Discussion

f5mkuDefault's avatar
f5mkuDefault
Icon for Cirrus rankCirrus
Feb 26, 2021

WEBSERVICES becomes inaccessible when failover

Hi experts,   I would like to get some help with this issue we've been trying to resolve that even F5 TAC is unable to find the root cause until now for several months already.   We have an F...
application delivery
ASM Advanced WAF
LTM
f5mkuDefault's avatar
f5mkuDefault
Icon for Cirrus rankCirrus
Mar 17, 2021

Just want to update this, currently f5 is pushing this to firewall problem...no closure yet

  • eey0re's avatar
    eey0re
    Icon for Cirrostratus rankCirrostratus
    Mar 17, 2021

    This does sounds like a firewall problem. For example, when a failover occurs the TCP connections are not recognised by the new appliance (unless network mirroring is enabled for a VS). This results in a large number of TCP RSTs to all the servers and clients. I've seen a "nextgen" firewall see the large number of RSTs from BIG-IP and think it's a port scan.

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Mar 21, 2021

    I agree with eey0re that you may test with f5 connection mirroring and  mac masquerade and also during a failover the firewall teams needs to check the security and ddos logs.

Related Content