Logging Configuration in LTM HA
Hello everyone I'm doing a logging lab and I'm asking for your help to understand some things. I have two BIG-IP LTM in HA and a Qradar logging server. I have configured the Qradar as syslog servers at each HA node. At the Qradar level I receive the active logs but the standby only sends errors like "BIGIP_TMM_TIMMERR_PMBR_BACK_UP. I'd like to know if it's normal for the standby to send only error messages, and in general I'd like to understand how logging works in HA and what type of event each device sends to the server. thanks in advance
How to force close TLS sessions in a failover scenario
Hi, We have an application behind Big-IP which doesn't handle failovers well. The Big-IP keeps all TLS sessions consistent and open during failover but the application doesn't support TLS resume for a session and this causes problems in the app. I'm looking for a way to close TLS sessions for a specific VS in a failover scenarios. We're on version 16.1.4.1 Any suggestions? Thanks
Configure HA on trial environment
Hello everyone, I have to two 30 day trial SN. and i am using some instructor to perform ha sync between them but the sync doesn't work. the same instruction help me to set up sync in a production environment. is it possible that HA not supported on trial version ? I'm using BIG-IP VE Version 17.0.0.
HA pair in VMware v7 update 3 - Should "power on connect" be enabled, or disabled for vlans/network?
Late last year we migrated the vcmp guests off of our 7200 chassis into VMware. Up until now, "Connect at power On" has been diabled for the vlans/networks. The question is whether that should be enabled. The question sent by the Server tech is below... We have noticed that the F5 VMs networks are not checked for “Connect at power On”, should this be the case in our HA F5? We ask this is because we noticed the other HA pair don’t have their network adapter connected and is not connected. Should both HA pairs have their network adapter be checked for “Connect at power On” so they can connect at power on? Thanks!
Can we remove sync-only device group? Is there impact of procedure?
Hi Currently we are using F5 LTM+DNS+APM. And we have 4 unit in DNS sync group.. (2 in DC and 2 in DR) We have sync-failover separatly in each DC but we have same sync-only group for APM sync policy Our issue is, They saw device group of other DC show incorrectly. For example. If you are access to GUI on F5 DC. in Device management menu , You will see Sync-failover device group of 2 DC unit (which is correct) but you will also see Sync-failover device group of 2 DR unit too and it show in Disconnect state. <<<< This is problem. but i think it's expect behavior because F5 DC should disconnect from F5 DR I suspect this is happen because we have sync-only group (which include all 4 device both DC and DR) Question is Can we just remove that Sync-only device group? Is there any interruption of service orimpact of procedure? Or I can't remove it and need to re-create all new HA from scratch both DC and DR? Sync status as below Thank youF5 HA Cluster on Azure without Public IPs
Hello I'd like to ask a couple of question about F5 running on Azure Public Cloud. Is that possible to use CFE without Public IP (aka elastic ip) and just with secondary ip addresses? Is that possible to use CFE for just manipulating the routes? TL;DR These question comes into my mind when i need to figured out a solution for a pair of F5 running on Azure Public Cloud. Because, all public IP addresses bound on a Firewall which currently sitting in between Internet and F5 cluster. Since there won't be any public ip addresses on F5s, i could not find a way to send traffic to the active F5. CFE comes into play here but CFE needs two ip addresses which first one is public and the other is secondary. Clearly, without public ips, CFE won't help much. The schenario in my mind, when traffic came to public ip address on firewall, it sends the traffic to the secondary ip address which is currently attached on active F5 device. But when a failover occurred, i have to send traffic to the current active device, but how? Could i use CFE to manage just route tables? If yes, so i can point to traffic where should be sent, even if there is no public ip addresses. When a failover occurred, i can point to other secondary ip on curent active unit for whole subnet that F5 uses as virtual ip addresses, or this is just a dream?
Path Check Monior to trigger Failover
Good Afternoon I have two traffic groups and two LTMS. F5 Box1 Traffic group 1 is Active Traffic Group 2 Standby F5 Box 2 Traffic group 2 is Active Traffic Group 1 Standby I want to do a Path Check Monitor to go out Box 1 simple Get req for google .com and one other site . if the get isn't successful. I would like Traffic Group 1 on F5 Box 1 to fail over to F5 Box 2 Does anyone have an example or docs i can refer to .. Thanks in advance
