Forum Discussion
You can't force a timeout from client-side (it will happen if you leave the connection open too long, based on timers set on your F5 profiles) but you can force a connection close.
This is weird behavior - if you see new CRT on the other VS's I'd expect that a NEW connection to the other two should work just fine as well.
I'd suggest you run a packet capture on the F5, filtering by your client IP, and check what certificate is presented by the F5 during the SSL handshake in the server-hello packet. If it's the new one, but you still see the old cert on the client, it's very likely that there is something else between your client and the F5 which is presenting you the wrong CRT. You'll need to find this appliance and update the cert there as well. If the packet shows the F5 still presents the old CRT, there's a config problem somewhere on the F5. Check which clientSSL profile the two VS's that don't work are using and check if all configuration objects (cert, key, intermediate chain) are referenced correctly. If the key is password-protected, try updating the password on the profile as well.
Hope this helps
CA
From F5 you can forcefully drop a client connection running "tmsh delete sys connection cs-client-addr <your client IP> cs-server-addr <VS IP> cs-server-port <VS port>"
https://support.f5.com/csp/article/K53851362 for reference
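
A client-side complement to the capture suggested above, as an added example that is not part of the original reply: it opens a new TLS connection to each VS, fingerprints the certificate actually presented, and applies the same decision steps. The function names and result labels are chosen here for illustration, and the expected SHA-256 fingerprint of the new certificate is assumed to be known.

```python
import hashlib
import socket
import ssl
import sys


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..' (openssl style) or plain hex; return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Open a NEW TLS connection and return the leaf certificate as DER."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: we compare fingerprints,
    ctx.verify_mode = ssl.CERT_NONE  # so an expired or untrusted cert must not abort
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def diagnose(expected: str, seen_by_client: str, seen_in_f5_capture: str = "") -> str:
    """Apply the decision steps from the reply above."""
    expected = normalize(expected)
    if normalize(seen_by_client) == expected:
        return "ok"                    # client already gets the new cert
    if not seen_in_f5_capture:
        return "capture-needed"        # old cert at client, F5 side not yet checked
    if normalize(seen_in_f5_capture) == expected:
        return "intermediate-device"   # F5 sends new cert, something in between does not
    return "f5-config"                 # F5 itself still presents the old cert


if __name__ == "__main__":
    # usage: script.py <expected-sha256> <vs-host[:port]> [<vs-host[:port]> ...]
    expected = sys.argv[1]
    for target in sys.argv[2:]:
        host, _, port = target.partition(":")
        seen = fingerprint(presented_cert(host, int(port or 443)))
        print(f"{target}: {seen} -> {diagnose(expected, seen)}")
```

The fingerprint taken from the F5-side capture can be passed as the third argument to `diagnose` in either colon-separated or plain hex form.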