Trust Protection Platform 15.x and above
F5 LTM advanced driver
What is the purpose of "ignore failover state"?
The "ignore failover state" setting is really a failsafe option. Before provisioning, we determine whether we are provisioning to a standby node or an active node. We check this to avoid the situation where we provision a new cert to a standby node and that cert never gets replicated to the active node. We compare the node's state with what the user has configured as the HA setting: if they match, we provision; if they don't, we stop the provisioning. If "Ignore failover state" is selected, we provision no matter what.
If we have F5 app objects that represent both the active and standby nodes, and the HA setting is set to "ignore" and "config sync" for both, will it just provision and then sync to the active node if it hits the standby?
Yes, that is correct.
Will it also try to provision to the active node and then sync back again to the standby node?
No, it will not provision to the active node. It will only try to provision to a single device.
When should this setting be used?
Potentially, if you are using a floating IP, ignoring the failover state might be the best option. That way it will always provision to the active node and, if config sync is set, it will sync to each of the standby nodes.
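The following is an added example, not code from the product or the driver: a small model of the failover check and the config sync behaviour described in the answers above, showing which nodes end up holding the new cert. The names `Node`, `provision`, `scenario` and the node names are hypothetical, and modelling the HA setting as an expected state of "active", "standby" or "ignore" is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    state: str                        # "active" or "standby"
    certs: set = field(default_factory=set)

def provision(target, peers, cert, ha_setting, config_sync):
    """Model of the check (hypothetical names, not the driver's API).

    ha_setting: "active", "standby" or "ignore" (assumed values).
    Returns (provisioned, names of the nodes that now hold the cert).
    """
    if ha_setting != "ignore" and target.state != ha_setting:
        return False, []              # state mismatch: stop the provisioning
    target.certs.add(cert)            # only a single device is provisioned
    holders = [target.name]
    if config_sync:                   # sync carries the cert to the peers
        for peer in peers:
            peer.certs.add(cert)
            holders.append(peer.name)
    return True, holders

def active_has_cert(nodes, cert):
    """True if the node currently serving traffic holds the cert."""
    return any(n.state == "active" and cert in n.certs for n in nodes)

def scenario(ha_setting, config_sync, hit="standby"):
    """Constructed HA pair; 'hit' is the node the provisioning reaches."""
    a = Node("bigip-a", "active")
    b = Node("bigip-b", "standby")
    target, peer = (b, a) if hit == "standby" else (a, b)
    ok, holders = provision(target, [peer], "new-cert", ha_setting, config_sync)
    return ok, holders, active_has_cert([a, b], "new-cert")

if __name__ == "__main__":
    # Columns: HA setting, config sync, (provisioned, holders, active has cert)
    for ha, sync in [("active", True), ("ignore", True), ("ignore", False)]:
        print(ha, sync, scenario(ha, sync))
```

The last scenario (ignore without config sync, reaching the standby) is the case the failover check exists to prevent: provisioning succeeds but the active node never receives the cert.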