Applies To:

Show Versions Show Versions

Manual Chapter: Running Application Security Manager on the VIPRION Chassis
Manual Chapter
Table of Contents   |   << Previous Chapter

In contrast to how the Application Security Manager runs on a redundant system, where only the active unit handles requests and enforcement, the primary and secondary cluster members in the VIPRION® system all handle traffic and enforcement. A separate instance of the Application Security Manager runs on each of the cluster members in the VIPRION system. In the event of blade failure in the chassis, updates and synchronization gracefully and transparently transfer security policies and data to the new primary cluster member.
The Application Security Manager system failover communication on the VIPRION chassis is the same as that in redundant system configurations, ensuring that configuration data are synchronized to all cluster members in the cluster. Policy Builder and Learning Manager run only on the primary member. When configuration or security policy changes are made to the cluster, the active security policy is copied synchronously from the primary cluster member to the secondary cluster members. Each secondary cluster member imports the updated security policy and sets it to the active state.
The Application Security Manager functionality is the same on the VIPRION chassis as it is when installed on a single cluster member or as a standalone component, with the following exceptions:
The system synchronizes the full application security configuration, including reporting data, web applications, and security policies, across all cluster members once each hour.
When a new primary cluster member is selected within the VIPRION chassis configuration, the Application Security Manager applies the full configuration of the new primary cluster member across all the remaining cluster members.
Note: For more information about working with the VIPRION chassis features, refer to the Configuration Guide for the VIPRION® System, which is available at https://support.f5.com.
From the Configuration utility of the Application Security Manager, you can view the synchronization status for each cluster member in the VIPRION chassis. The system displays the synchronization status according to the state of the security policies. The status options are:
Up to date
The security policy for this cluster member is identical to that of the primary cluster member.
Waiting for reply
The security policies for this cluster member have not yet received the security policy update.
Loading
The system is currently applying security policy changes to this cluster member to synchronize it with security policy changes made on the primary cluster member.
Error
The system was not successful in applying security policy changes from the primary cluster member. As a result, the active security policy on this cluster member is different from the active security policy on the primary member.
1.
On the Main tab of the navigation pane, expand Application Security, and then click Overview.
The Welcome screen opens.
2.
On the menu bar, click Synchronization Status.
The Synchronization Status screen opens, where you can review the status of security policies for each cluster member.
Tip: You can also click Synchronization Status in the Main tab of the Application Security navigation pane to open the Synchronization Status screen.
When you run Application Security Manager on the VIPRION chassis, there are additional high availability options specific to the Application Security Manager system. For example, you can specify how the system responds to a failure on a secondary cluster member.
For more general information about the high availability configuration for BIG-IP systems, refer to the TMOS Management Guide for BIG-IP® Systems, which is available at https://support.f5.com
1.
On the main tab of the navigation pane, expand System, and click High Availability.
The High Availability screen opens.
2.
From the Fail-safe menu, choose System.
The screen refreshes, and displays fail-safe settings.
3.
In the ASM Configuration Failure Settings area, review the settings and make any changes, as needed. Note that these settings apply only to the Application Security Manager configuration.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)