Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Opened: Jan 29, 2024
Severity: 3-Major
Given an active ASM policy named 'auction' and an iRule that references it as follows:
----
when HTTP_REQUEST {
    ASM::enable "/Common/auction"
    log local0. "new request to virtual server auctionvs"
}
----
Try to deactivate the policy via TMSH and observe the error:
----
root@(00565499-bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify asm policy auction inactive
01070340:3: asm_policy (/Common/auction) is referenced by one or more rules
----
Then compare the two listings to see the discrepancy in the resulting state:
----
# list asm policy
asm policy auction {
    active //============> the policy is active in MCP
    encoding utf-8
    policy-template POLICY_TEMPLATE_FUNDAMENTAL
}
# list asm policy all-properties
asm policy auction {
    app-service none
    blocking-mode enabled
    description "Fundamental Policy"
    encoding utf-8
    inactive //============> the policy is inactive in ASMConfig
    parent-policy none
    partition Common
    policy-builder disabled
    policy-template POLICY_TEMPLATE_FUNDAMENTAL
    policy-type security
    virtual-servers none
}
----
-- Policy is deactivated in ASMConfig but not in MCP
-- BD resets the connection on policy requests

-- Having an ASM policy addressed by an iRule
-- Deactivating that policy
Activate the policy again using the TMSH modify active command.
None
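
A check for the state discrepancy described above, as an added example that is not F5's code: it parses the two listings and reports any policy whose state differs between them. It assumes the output of both `list` commands has been captured as text in the stanza form shown in this report; the function names are hypothetical and the sample input is constructed from the listings on this page.

```python
import re

# Constructed sample input: the two listings from this report, saved as text.
BRIEF = """\
asm policy auction {
    active //============> the policy is active in MCP
    encoding utf-8
    policy-template POLICY_TEMPLATE_FUNDAMENTAL
}
"""
FULL = """\
asm policy auction {
    app-service none
    blocking-mode enabled
    description "Fundamental Policy"
    encoding utf-8
    inactive //============> the policy is inactive in ASMConfig
    policy-type security
    virtual-servers none
}
"""

STANZA = re.compile(r"^asm policy (\S+) \{$")

def policy_states(listing):
    """Return {policy name: 'active' | 'inactive'} from tmsh stanza text."""
    states, current = {}, None
    for raw in listing.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing annotations
        header = STANZA.match(line)
        if header:
            current = header.group(1)
        elif line == "}":
            current = None
        elif current and line in ("active", "inactive"):
            states[current] = line  # only a bare keyword line counts
    return states

def find_mismatches(brief, full):
    """Policies whose state differs between the two listings."""
    a, b = policy_states(brief), policy_states(full)
    return [(n, a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]]

if __name__ == "__main__":
    for name, mcp, asmconfig in find_mismatches(BRIEF, FULL):
        print(f"{name}: list={mcp} all-properties={asmconfig}")
```

A policy that appears in the result is in the split state this report describes and is a candidate for the workaround above.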