Last Modified: May 22, 2019
Opened: Jul 24, 2015
AFM drops HA heartbeat packets on Self IP addresses when a default deny rule matches traffic on the Global context.
Best practice is to set up CMI traffic over both management and TMM interfaces. This takes the TMM interfaces out.
HA configuration with sod traffic routed over TMM controlled interfaces with a default deny rule and no rule explicit permitting HA traffic.
As a workaround, explicitly enable the default rules permitting traffic between HA peers.