Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
13.1.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 13.1.1, 14.0.0, 126.96.36.199, 188.8.131.52
14.1.0, 184.108.40.206, 220.127.116.11
Opened: Jun 14, 2018
Related AskF5 Article: K74431483
After modifying the ssl_profile attribute on an HTTPS monitor on a device in a high availability (HA) configuration, and after performing a full ConfigSync, the corresponding monitor on the peer-sync unit does not have the updated value.
The ssl_profile value for the HTTPS monitor on the peer unit is set to none, resulting in the two devices reporting themselves as in-sync, but having potentially different HTTPS monitor configurations.
-- An HTTPS monitor is used on BIG-IP systems in an high availability (HA) configuration. -- The ssl_profile field is modified on an HTTPS monitor. -- A sync-to-peer (full ConfigSync, not incremental sync) is attempted to propagate the modified ssl_profile value to the peer units.
-- Do not run HTTPS monitors using in-tmm monitors, -- Use the traditional HTTPS monitor configuration for SSL-attributes (cipherlist, key, cert, and compatibility attributes on HTTPS monitor). Note: Using these attributes generates deprecation warnings, but the configuration still takes effect.
After modifying the ssl_profile attribute on an HTTPS monitor on a system within an high availability (HA) configuration, and after performing a full ConfigSync, the corresponding monitor on the peer unit now receives the updated monitor attribute, as expected.