Bug ID 1037661: The packet tester does not validate the route domain after applying the rule list when the protocol is changed from IP to any

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Fixed In:
17.0.0

Opened: Jul 30, 2021

Severity: 3-Major

Symptoms

After changing a firewall rule protocol to "any" and applying the change, the change is accepted but traffic is not matched.

Impact

The configuration change is applied but the rule is not applied correctly and some traffic might not be matched.

Conditions

-- Firewall rules are applied to a non-default route domain -- One or more rules have the protocol field set to "any" and this is the only change

Workaround

Make a change to an additional variable and submit the change.

Fix Information

IF will work as accepted if interchange any value of ip_protocol_name

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips