Bug ID 1215161: A new CLI option introduced to display rule-number for policy, rules and rule-lists

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4

Fixed In:
17.1.1

Opened: Dec 29, 2022

Severity: 2-Critical

Symptoms

If a large number of rules and rule-lists are configured, it takes more than 10 minutes to display the output with rule-numbers. Examples:

- tmsh: "list security firewall rule-list"
- icrd: "restcurl -u admin /tm/security/firewall/rule-list"

AFM service discovery of BIG-IP fails in BIG-IQ when upgraded to a newer version.

Impact

AFM service discovery from BIG-IQ fails on upgrade.

Conditions

- AFM license is enabled
- Large number of rules and rule-lists are configured

Workaround

-

Fix Information

The rule-number feature is used in TMSH or icrd. The default CLI command and REST query are modified so that they do not generate rule-numbers straight away. This considerably improves performance when BIG-IQ discovers the AFM service from BIG-IP and when a large number of rules and rule-lists are configured. TMSH users can list rules, rule-lists, and policies with rule-numbers by adding the 'with-rule-number' CLI option. BIG-IQ and TMUI are not affected by this change.

Behavior Change
