Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

WAF failover


What is the reason behind theactive  WAF go standby , is there anything i have to check to know the reason ? i mean do i have to check size , connection or what exactly?



there is a whole knowledge base article on AskF5 for diagnosing failover events:
K95002127: Troubleshooting BIG-IP failover events 


Dear @Daniel

Many thanks, highly appriciated.

my active device is (device 1) and my website working fine. when auto faliover happend  the active device (device1) become standby , the traffic goes to the active device ( device 2) but my website does not work . it is display blank page only. when i enforce device 2 to becaome standby and device 1 become the active, my website works well.


so what i have to check in this case? note that both device are in sync.

Three things I would check.

1. Do a tcpdump on the BIG-IP device 2. Check what is going on.

2. Did you configure MAC masquerade? If MAC masquerade doesn't mean anything to you - start from here: K15858: How BIG-IP utilizes gratuitous ARP 

3. Are ASM policies synced in your device group? Read this: K12200102: Enabling Application Security Synchronization on a device group 


You need to check illegal/block request if any, after failover
Should have both device in sync after any changes done on ASM policies

Yes there is block in event logs, but in both devices the same number of urls/parameters and so on . how to check asm sync?

Really silly questions.

But what do you health monitors say on each part of the cluster?

What happens if you disable the waf profile on device 2 (now active).

Are you sure it's the waf profile?

Both BIG-IP'S do health monitors in their own right.

Other than that ASM sync would be my next thing to check, also ensuring your failover sync is setup correctly. (Check the advanced settings just to make sure)

it seems the issue with asm , how to check asm sync? cuz both devices have same number of urls, parameters listed?!


Cirrostratus - check this KB

Also you may check disabling dos/Bot or other profile applied one by one and test.