Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Syncing F5 APM Policies Across Cloud Regions or Datacenters

In a previous article, I discussed the syncing of F5 ASM policies across BIG-IP instances stretching separate datacenters or different cloud regions. This use case was extremely useful to me when dep...
Published Jan 04, 2019
Version 1.0
application delivery
big-ip
BIG-IP Access Policy Manager (APM)
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Jan 04, 2019

Amolari, thanks for the feedback. Yes, you are correct.

 

Understanding policy sync device group setup for Active-Standby pairs To add devices to a device group, all devices must belong to the same local trust domain. If you want to sync access policies with a device that does not belong to the local trust domain, but also belongs to a Sync-Failover group, you must reset the trust between the devices and remove them from the Sync-Failover device group. (For more information, see BIG-IP® Device Service Clustering: Administration on the AskF5™ web site located at http://support.f5.com/.)

 

After you establish device trust between your BIG-IP system and the devices, you can add them to a Sync-Failover group again.