Bug ID 702738: TMM might crash activating new blob when changing firewall rules

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
12.1.3

Fixed In:
14.1.0, 13.1.1, 12.1.3.4

Opened: Jan 19, 2018

Severity: 3-Major

Related Article: K32181540

Symptoms

TMM crashes and produces a core file when firewall rules are changed. TMM can enter a crash loop, crashing again after each restart.

Impact

Data traffic processing stops.

Conditions

Updating, removing, or adding firewall rules. The specific characteristics of a change that can cause this issue are unknown; this issue occurs rarely.

Workaround

There are two workaround options:

Option A

1. Delete all policies.
2. Create them again without allowing blob compilation.
3. Repeat steps 1 and 2 until all the policies have been created (enable on-demand-compilation).

Option B

Modify all the rules simultaneously. For example, the following steps will resolve this issue:

1. Enable on-demand-compilation.
2. Select an IP address that is not used in any rules, e.g., 1.1.1.1.
3. Add that IP address to all the rules/source in all of the policies. To do so, run the following command for each policy:

   tmsh modify security firewall policy POLICY_NAME rules modify { all { source { addresses add { 1.1.1.1 } } } }

4. Delete the IP address (restore rules) in all of the policies. To do so, run the following command for each policy:

   tmsh modify security firewall policy POLICY_NAME rules modify { all { source { addresses delete { 1.1.1.1 } } } }

5. Disable on-demand-compilation. Doing so starts new blob compilation.
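A dry-run helper for Option B, added here as an example (not F5 code): it checks that the placeholder address is absent from a saved text listing of the rules, then prints the step 3 and step 4 commands for each policy without running anything. The function names, policy names, and sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example, not F5 code: prints the Option B commands for review and
# runs nothing on the device. Function names and the listing are constructed.

# Constructed sample standing in for a saved text listing of the rules.
sample_listing() {
cat <<'EOF'
security firewall policy fw_policy_a {
    rules { allow_web { source { addresses { 11.1.1.10 { } 192.0.2.0/24 { } } } } }
}
security firewall policy fw_policy_b {
    rules { allow_dns { source { addresses { 198.51.100.7 { } } } } }
}
EOF
}

# Succeeds if ADDR ($1) occurs as a whole address token in file $2.
addr_in_use() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')   # dots literal; see boundary below
    # Boundaries keep 1.1.1.1 from matching inside 11.1.1.10.
    grep -Eq "(^|[^0-9.])${pat}([^0-9.]|\$)" "$2"
}

# Prints the add pass (step 3) for every policy, then the delete pass (step 4).
gen_commands() {
    addr=$1; shift
    for op in add delete; do
        for policy in "$@"; do
            printf 'tmsh modify security firewall policy %s rules modify { all { source { addresses %s { %s } } } }\n' \
                "$policy" "$op" "$addr"
        done
    done
}

# plan ADDR LISTING POLICY...: refuse an address that is already referenced,
# because the delete pass would also remove it from rules that really use it.
plan() {
    addr=$1; listing=$2; shift 2
    if addr_in_use "$addr" "$listing"; then
        echo "refusing: $addr already appears in $listing" >&2
        return 1
    fi
    gen_commands "$addr" "$@"
}

# Demo on the constructed listing.
tmp=$(mktemp); sample_listing > "$tmp"
plan 1.1.1.1 "$tmp" fw_policy_a fw_policy_b
rm -f "$tmp"
```

Steps 1 and 5 (enabling and disabling on-demand-compilation) are left to the operator, since the page does not give commands for them.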

Fix Information

TMM no longer crashes when changing firewall rules.

Behavior Change
