I got one problem with cisco ACE in my company. Currently, two ACE appliances are working as HA redundancy. Previously I enabled some https and http probing using get 302 for some servers and services. But then I was told to remove all https or http probing, and instead use tcp port 443 and 80. After that, one of the serverfarm (server groups) is receiving https get 302 and I already checked in the monitoring and see whether there's any https probing regarding the respected real servers. But I could not find any. Even I disable all probing to that serverfarm, all the server members still receiving https get 302. Is this behavior a bug?
The ACE version is A3(2.1). And the HA status is on standby cold. Can standby cold cause this kind of trouble?
When an ACE is in STANDBY-COLD state, configurations may not be properly synchronized, so,it's possible that the probe configuration is still present on the standby device.
Also, I would suggest you to check what is the source IP for the probe connections. An ACE will use the real interface IP to open probe connections, so, this should give you a good idea of which device is generating the connections.
I just corrected the cert problem and made the state peer into standby hot. But still it still keep probing the get 302. And then I tried to restart both ACEs. The first step is to restart the second ACE (standby) and then switched over all context to the second one. The problem is that when I made the second one to be active, some services were not working, especially the ones with ssl terminated in ACE. I'm pretty sure that both ACEs were in sync.
Any idea what is the problem?
At this point, the best is probably to open a TAC case to get this issue investigated further. We will have to check your configuration to understand where are these connections coming from.
As I mentioned in my last message, it would be good to identify the IP address generating these connections to figure out which device is generating them