Applies To:

Show Versions Show Versions

Manual Chapter: Running Application Security Manager on the VIPRION Chassis
Manual Chapter
Table of Contents   |   << Previous Chapter

In contrast to how the Application Security Manager runs on a redundant system configuration, where only the active unit handles requests and enforcement, the primary and secondary cluster members in the VIPRION® system handle traffic and enforcement. A separate instance of the Application Security Manager runs on each of the cluster members in the VIPRION system. In the event of blade failure in the chassis, updates and synchronization gracefully and transparently transfer security policies and data to the new primary cluster member.
The Application Security Manager system failover communication on the VIPRION chassis is the same as that in redundant system configurations, ensuring that configuration data are synchronized to all cluster members in the cluster. Policy Builder and Learning Manager run only on the primary member. When configuration or security policy changes are made to the cluster, the active security policy is copied synchronously from the primary member to those that are designated as secondary cluster members. Each secondary cluster member imports the updated security policy and sets it to the active state.
The Application Security Manager functionality is the same on the VIPRION chassis as it is when installed on a single cluster member or as a standalone component, with the following exceptions:
Note: When a new primary cluster member is elected within Local Traffic Manager, the Application Security Manager applies the full configuration of the new primary cluster member across all other cluster members. For more information on working with the Local Traffic Manager, refer to the Configuration Guide for BIG-IP® Local Traffic Manager.
In the Application Security navigation pane, click Welcome.
The Welcome screen opens and displays a summary of statistics for all blades running on the VIPRION chassis.
The Application Security Manager displays the synchronization status for each cluster member in the VIPRION chassis in the context of security policies. Because each cluster member has its own Configuration utility, you can view the synchronization status only from the primary cluster member. The possible status for each blade is:
Up to date
The security policy for this cluster member is identical to that of the primary cluster member.
Waiting for reply
The security policies for this cluster member have not yet received the security policy update.
The system is currently applying policy changes to this cluster member to synchronize it with security policy changes made on the primary cluster member.
The system was not successful in applying security policy changes from the primary cluster member. As a result, the active security policy on this cluster member is different from the active security policy on the primary member.
On the menu bar, click Synchronization Status.
The Synchronization Status screen opens, where you can review status for each cluster member.
Note: You can monitor each cluster members CPU Utilization graph in the Configuration utility. For more information, refer to the TMOS® Management Guide for BIG-IP® Systems, which is available on the Ask F5SM web site,
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)