Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP AFM, APM, ASM, DNS, GTM, LTM, TMOS
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3
Opened: Sep 15, 2025 Severity: 3-Major
When a command is issued on a BIG-IP system to sync configuration to a Device Group from a given Device in the Device Group, the config sync command may not be recorded in the audit log on the device where the command was issued. The audit log may not record this command, even though subsequent log messages in other log files may indicate successful completion of the config sync action.
When attempting to diagnose issues that occur in the context of syncing configuration across Devices in a Device Group, it may not be clear where, when, and by whom the command to initiate the config sync was issued.
This may occur when: -- Issuing the command to sync configuration from a Device to a Device Group in which it is a member. -- Issuing such a command from either the command-line interface (tmsh) or from the BIG-IP GUI (tmui). -- Accepting the default/offered suggestion for the Device whose configuration is to be synced to the Device Group. For example: -- In the GUI, accepting the default selection indicated by the active radio button for which Device to sync to the Device Group, and clicking Sync. -- In the CLI, issuing the "tmsh run cm config-sync" command with the "to-group" option from the Device which is suggested by the "tmsh show cm sync-status" command.
None
None