Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.1.5
Opened: Mar 14, 2018 Severity: 3-Major
When adding new rules into existing firewall policies, firewall may be not updated, so new rules are not used in traffic processing. If on-demand-compilation mode is enabled, firewall may remain in quiescent state instead of compilation-pending state after adding rules.
Firewall is not updated and new rules do not affect data traffic. If on-demand-compilation mode is enabled, firewall remain in quiescent state instead of going to compilation-pending state after adding rules.
-- Firewall rules are added into existing firewall policies. -- No rules are deleted or modified.
Make additional changes to firewall rules in order to start firewall update, for esample: -- Add a placeholder rule, and then delete it. -- Modify a rule (e.g. by adding an IP address), and then revert the modification by removing that IP address.
When adding new rules, firewall is now always updated. If on-demand-compilation mode is enabled, firewall goes to the compilation-pending state after adding rules.