For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Syncing F5 APM Policies Across Cloud Regions or Datacenters

In a previous article, I discussed the syncing of F5 ASM policies across BIG-IP instances stretching separate datacenters or different cloud regions. This use case was extremely useful to me when dep...
Published Jan 04, 2019
Version 1.0
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Jan 04, 2019

Amolari, thanks for the feedback. Yes, you are correct.

 

Understanding policy sync device group setup for Active-Standby pairs To add devices to a device group, all devices must belong to the same local trust domain. If you want to sync access policies with a device that does not belong to the local trust domain, but also belongs to a Sync-Failover group, you must reset the trust between the devices and remove them from the Sync-Failover device group. (For more information, see BIG-IP® Device Service Clustering: Administration on the AskF5™ web site located at http://support.f5.com/.)

 

After you establish device trust between your BIG-IP system and the devices, you can add them to a Sync-Failover group again.