Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

WAF failover

THE_BLUE
Cirrostratus
Cirrostratus

‎04-Apr-2022 21:32

What is the reason behind theactive  WAF go standby , is there anything i have to check to know the reason ? i mean do i have to check size , connection or what exactly?

Labels:
0 Kudos
9 REPLIES 9

Daniel_Wolf
MVP
MVP

‎04-Apr-2022 23:22

Hi @THE_BLUE,

there is a whole knowledge base article on AskF5 for diagnosing failover events:
K95002127: Troubleshooting BIG-IP failover events 

KR
Daniel

THE_BLUE
Cirrostratus
Cirrostratus
In response to Daniel_Wolf

‎05-Apr-2022 21:24

Dear @Daniel

Many thanks, highly appriciated.

0 Kudos

THE_BLUE
Cirrostratus
Cirrostratus
In response to THE_BLUE

‎05-Apr-2022 22:28

my active device is (device 1) and my website working fine. when auto faliover happend  the active device (device1) become standby , the traffic goes to the active device ( device 2) but my website does not work . it is display blank page only. when i enforce device 2 to becaome standby and device 1 become the active, my website works well.

 

so what i have to check in this case? note that both device are in sync.

0 Kudos

Daniel_Wolf
MVP
MVP
In response to THE_BLUE

‎06-Apr-2022 09:33

Three things I would check.

1. Do a tcpdump on the BIG-IP device 2. Check what is going on.

2. Did you configure MAC masquerade? If MAC masquerade doesn't mean anything to you - start from here: K15858: How BIG-IP utilizes gratuitous ARP 

3. Are ASM policies synced in your device group? Read this: K12200102: Enabling Application Security Synchronization on a device group 

0 Kudos

Gajji
Cirrostratus
Cirrostratus

‎01-May-2022 09:36

You need to check illegal/block request if any, after failover
Should have both device in sync after any changes done on ASM policies

0 Kudos

THE_BLUE
Cirrostratus
Cirrostratus
In response to Gajji

‎06-May-2022 10:20

Yes there is block in event logs, but in both devices the same number of urls/parameters and so on . how to check asm sync?

0 Kudos

PSFletchTheTek
MVP
MVP

‎01-May-2022 11:24

Really silly questions.

But what do you health monitors say on each part of the cluster?

What happens if you disable the waf profile on device 2 (now active).

Are you sure it's the waf profile?

Both BIG-IP'S do health monitors in their own right.

Other than that ASM sync would be my next thing to check, also ensuring your failover sync is setup correctly. (Check the advanced settings just to make sure)

0 Kudos

THE_BLUE
Cirrostratus
Cirrostratus
In response to PSFletchTheTek

‎06-May-2022 10:22 - edited ‎06-May-2022 10:37

it seems the issue with asm , how to check asm sync? cuz both devices have same number of urls, parameters listed?!

 

0 Kudos

Gajji
Cirrostratus
Cirrostratus

‎06-May-2022 23:35

https://support.f5.com/csp/article/K68104353 - check this KB

Also you may check disabling dos/Bot or other profile applied one by one and test.

0 Kudos
Copyright © 2023 Khoros, LLC