04-Apr-2022 21:32
What is the reason behind theactive WAF go standby , is there anything i have to check to know the reason ? i mean do i have to check size , connection or what exactly?
04-Apr-2022 23:22
Hi @THE_BLUE,
there is a whole knowledge base article on AskF5 for diagnosing failover events:
K95002127: Troubleshooting BIG-IP failover events
KR
Daniel
05-Apr-2022 21:24
Dear @Daniel
Many thanks, highly appriciated.
05-Apr-2022 22:28
my active device is (device 1) and my website working fine. when auto faliover happend the active device (device1) become standby , the traffic goes to the active device ( device 2) but my website does not work . it is display blank page only. when i enforce device 2 to becaome standby and device 1 become the active, my website works well.
so what i have to check in this case? note that both device are in sync.
06-Apr-2022 09:33
Three things I would check.
1. Do a tcpdump on the BIG-IP device 2. Check what is going on.
2. Did you configure MAC masquerade? If MAC masquerade doesn't mean anything to you - start from here: K15858: How BIG-IP utilizes gratuitous ARP
3. Are ASM policies synced in your device group? Read this: K12200102: Enabling Application Security Synchronization on a device group
06-May-2022 10:20
Yes there is block in event logs, but in both devices the same number of urls/parameters and so on . how to check asm sync?
01-May-2022 11:24
Really silly questions.
But what do you health monitors say on each part of the cluster?
What happens if you disable the waf profile on device 2 (now active).
Are you sure it's the waf profile?
Both BIG-IP'S do health monitors in their own right.
Other than that ASM sync would be my next thing to check, also ensuring your failover sync is setup correctly. (Check the advanced settings just to make sure)
06-May-2022 10:22 - edited 06-May-2022 10:37
it seems the issue with asm , how to check asm sync? cuz both devices have same number of urls, parameters listed?!
06-May-2022 23:35
https://support.f5.com/csp/article/K68104353 - check this KB
Also you may check disabling dos/Bot or other profile applied one by one and test.