Bug ID 1284081: Incorrect Enforcement After Sync

Last Modified: Mar 19, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3

Fixed In:
17.1.1

Opened: Apr 02, 2023

Severity: 1-Blocking

Symptoms

In some scenarios, configuration updates are not sent to the enforcer which can cause unexpected enforcement. In bd and asm_config_server logs you may see the following logged repeatedly: ECARD_POLICY|NOTICE|Mar 28 12:53:26.872|18357|table_funcs.cpp:1471|handle_table_dynamic CONFIG_TYPE_INTERNAL_PARAMETERS res:[0] BD_FLUSH_TBLS|ERR |Mar 28 12:53:26.872|18357|AccountDomainsTbl.cpp:0049|attempting to add policy name crc while it already exists crc:[10127277905900865307]

Impact

Incorrect policy enforcement.

Conditions

A large configuration is synchronized to a device.

Workaround

1) Apply each policy individually on the affected devices/blades or 2) Restart ASM on the affected devices and blades

Fix Information

Configuration updates are handled correctly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips