Last Modified: May 29, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5
Fixed In:
16.1.4, 15.1.9
Opened: Dec 22, 2021
Severity: 2-Critical
BIG-IP drops all traffic after a reboot or failover.
Site is down; no traffic passes through the BIG-IP.
-- Create firewall rules with an IPI deny-list category as the source and a default action of drop.
-- After reboot, the rule with the IPI category as source overlaps all other rules and, because the default action is drop, traffic is dropped.
The workaround is to restart pccd, which compiles the blob again with all IPI categories initialized:
tmsh restart sys service pccd
PCCD waits for the first deny-list IPI category to be initialized before the firewall rules are compiled.