Last Modified: May 29, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3
Fixed In:
17.1.1
Opened: Jul 17, 2023 Severity: 3-Major
You are unable to make changes in the IPS Profile when it is on a different partition and the device is in a sync-only device group.
The changes related to action value cannot be made in the IPS Profile which is in a different partition on a device which is in sync-only device group.
1) Create a device group with two devices. (https://my.f5.com/manage/s/article/K63243467) 2) Create a new partition System > Users > Partition List > Create > Add device group created in step 1 here in the partition 3) On the right corner in BIG-IP UI you can select the partition. Select the new partition created 3) Create a virtual server Local Traffic > Virtual Servers > Virtual server List > create 4) Create a IPS Profile Security > Protocol Inspection > Inspection Profiles > new > select the services you want to add to profile. 5) Add the profile to virtual server. Local Traffic > Virtual Servers > Virtual server List > click on visual server you created > Security > Policies > Protocol Inspection Profile > enabled > select profile name 6) Now go to the profile and try to make changes to action value of any of the signatures or compliances which require IPS subscription.
None
After fixing the issue, able to make changes in the IPS Profile and also sync the config between the sync-only device group.