Bug ID 1324197: The action value in a profile which is in different partition cannot be changed from accept/reject/drop to Don't Inspect in UI

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2

Opened: Jul 24, 2023

Severity: 3-Major

Symptoms

When trying to change the action value of signature/compliance in an IPS Profile from accept/reject/drop to Don't Inspect in UI, it is not changing. This happens when the IPS Profile is in different partition

Impact

Will not be able to change the action value from accept/reject/drop to Don't Inspect in UI when the IPS Profile is in different partition

Conditions

1) Create a partition System > Users > Partitions List > Create > give profile_name > update 2) Move to the new partition created at the top right corner of UI 3) Create IPS Profile Security > Protocol Security > Inspection Profiles > Add > New > give Profile name > select the services > update action values of signatures and compliances to accept/reject/drop 4) Change the value from action accept/reject/drop to 'Don't Inspect' and commit the changes.

Workaround

For signature below command can be used in CLI modify security protocol-inspection profile /<partition-name>/<profile-name> { services modify { /Common/<service-name> { signature delete { /Common/<signature-name> }}}} To update the action value of all signatures in a service to Don't Inspect modify security protocol-inspection profile /<partition-name>/<profile-name> { services modify { /Common/<service-name> { signature delete { all }}}} For compliance below command can be used in CLI modify security protocol-inspection profile /<partition-name>/<profile-name> { services modify { /Common/<service-name> { compliance delete { /Common/<complance-name> }}}} To update the action value of all compliances in a service to Don't Inspect modify security protocol-inspection profile /<partition-name>/<profile-name> { services modify { /Common/<service-name> { compliance delete { all }}}}

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips