Failover traffic from active F5 device to standby F5 through CLI


Use the command below to fail traffic over from the active F5 device to the standby F5 device.

Note: Run the command below only on the active device.

tmsh run /sys failover standby

Before performing a failover, make sure the configurations are in sync and take a UCS backup of the F5 device.


Failover Traffic from Palo Alto Active Firewall to Passive Firewall:


Steps:

  1. Log in to the active device through the web UI: https://PA-FW-IP-Address
  2. Go to Device.
  3. Click on High Availability.
  4. Click on Operational Commands.
  5. Click “Suspend local device”.
  6. The secondary firewall will now move to the Active state.

Bring back affected firewall to production:

  1. Once you have fixed all the issues on the previously active firewall, bring it back to production using the steps below.
  2. Go to Device through the web UI: https://PA-FW-IP-Address
  3. Click on High Availability.
  4. Go to Operational Commands.
  5. Click on “Make local device functional”.
  6. Both devices are now back in the Active/Passive state.

AWS Cloud Security Configuration Check List:

Identity and Access Management:

  1. Avoid the use of the “root” account.
  2. Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.
  3. Implement strong IAM password policies across accounts.

Logging:

  1. Ensure that CloudTrail is enabled in all regions.
  2. Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible.

Monitoring:

  1. Ensure a log metric filter and alarm exist for usage of the “root” account.
  2. Ensure a log metric filter and alarm exist for IAM policy changes.

Networking:

  1. Ensure no security groups allow ingress from 0.0.0.0/0 to port 22.
  2. Ensure the default security group of every VPC restricts all traffic.
  3. Ensure routing tables for VPC peering are “least access”.
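The two security group checks in the Networking list can be evaluated from the data the EC2 API already returns. The following is an added example (not part of this checklist or any AWS tool): it runs offline over a constructed sample shaped like a boto3 `describe_security_groups()` response, flags groups that expose port 22 to 0.0.0.0/0 or ::/0 (including "all protocols" rules, which also cover port 22), and lists VPC default groups that still carry any rule.

```python
# Offline evaluator for Networking checks 1 and 2 above, over a constructed
# sample shaped like boto3's ec2.describe_security_groups() response.
SAMPLE_GROUPS = [
    {   # Check 1 should flag this: SSH open to the world over IPv4
        "GroupId": "sg-0a1", "GroupName": "bastion", "IpPermissionsEgress": [],
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    {   # Check 1 should also flag this: an all-protocols rule from ::/0 covers port 22
        "GroupId": "sg-0b2", "GroupName": "wide-open", "IpPermissionsEgress": [],
        "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
    },
    {   # Check 2 should flag this: a VPC default group that still permits traffic
        "GroupId": "sg-0c3", "GroupName": "default", "IpPermissionsEgress": [],
        "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0c3"}]}],
    },
    {   # Compliant: SSH only from a private range, and not a default group
        "GroupId": "sg-0d4", "GroupName": "app", "IpPermissionsEgress": [],
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    },
]
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule_is_world_open_on(rule, port):
    """True when an ingress rule admits `port` from any internet address."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        covers_port = True
    elif proto in ("tcp", "6"):            # only TCP port ranges matter for SSH
        covers_port = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        return False
    sources = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    sources |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return covers_port and bool(sources & ANYWHERE)

def groups_with_world_open_ssh(groups):
    """Networking check 1: groups with ingress from 0.0.0.0/0 or ::/0 to port 22."""
    return sorted(g["GroupId"] for g in groups
                  if any(rule_is_world_open_on(r, 22) for r in g["IpPermissions"]))

def default_groups_allowing_traffic(groups):
    """Networking check 2: VPC default groups that still carry any ingress or egress rule."""
    return sorted(g["GroupId"] for g in groups if g["GroupName"] == "default"
                  and (g["IpPermissions"] or g["IpPermissionsEgress"]))

if __name__ == "__main__":
    print("open SSH:", groups_with_world_open_ssh(SAMPLE_GROUPS))
    print("default groups with rules:", default_groups_allowing_traffic(SAMPLE_GROUPS))
```

To run it against a real account, replace SAMPLE_GROUPS with `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` for each region you audit; the default group check only covers rules, so a default group also needs to be unreferenced by instances to be fully "restricted".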