Bug ID 630022: IPsec in HA: config sync from Standby to Active resets tunnels

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,

Opened: Nov 22, 2016
Severity: 3-Major


IPsec in HA: config sync from the Standby BIG-IP system to the Active one resets tunnels.


IPsec tunnels are reset on the Active system.


IPsec in high availability (HA) configurations. Performing config sync from Standby to Active.


Use "Auto Sync" on the Device Group and never use "Overwrite Configuration" when manually syncing. Note: Although preparing a configuration on Standby and syncing to Active is not prohibited, it is not recommended. The expected operation is to make all configuration changes on the Active BIG-IP system, and perform config sync to the Standby one.

Fix Information


Behavior Change