Bug ID 1245221: ASM Policy IP Intelligence configuration does not seem to synchronize when the device group is set to automatic sync

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2

Opened: Feb 19, 2023

Severity: 3-Major

Symptoms

Navigate to the Security > Application Security : Security Policies : Policies List > POLICY_NAME path. In the IP Intelligence tab, click the ON/OFF switch to enable IPI. Therefore, any changes to the Alarm or Block for any category are not synced to the peer device.

Impact

changes to the "Alarm" or "Block" for any category - are not synced to the peer device.

Conditions

Having High Availability (HA) pair in Sync-Failover DG w/ Autosync enabled and ASM sync enabled. Devices licensed with ASM and IPI.

Workaround

Use Manual (not Auto) sync on the DG and push the configuration.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips