Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3
Fixed In:
17.1.1
Opened: Apr 02, 2023 Severity: 1-Blocking
In some scenarios, configuration updates are not sent to the enforcer which can cause unexpected enforcement. In bd and asm_config_server logs you may see the following logged repeatedly: ECARD_POLICY|NOTICE|Mar 28 12:53:26.872|18357|table_funcs.cpp:1471|handle_table_dynamic CONFIG_TYPE_INTERNAL_PARAMETERS res:[0] BD_FLUSH_TBLS|ERR |Mar 28 12:53:26.872|18357|AccountDomainsTbl.cpp:0049|attempting to add policy name crc while it already exists crc:[10127277905900865307]
Incorrect policy enforcement.
A large configuration is synchronized to a device.
1) Apply each policy individually on the affected devices/blades or 2) Restart ASM on the affected devices and blades
Configuration updates are handled correctly.