Last Modified: May 29, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3
Fixed In:
15.0.0, 14.1.3.1
Opened: Oct 18, 2018
Severity: 2-Critical
When there are scheduled firewall rules and per-policy compilation optimization is enabled, PCCD may enter a crash loop after a new build is installed. In very rare cases this can happen after a regular BIG-IP restart. Per-policy compilation optimization is enabled by default: the sys db variable pccd.perpolicycompilation is true.
After this failure, a rare problem is that PCCD crashes continuously. The new firewall config is not applied to data traffic. The pre-upgrade firewall config is still applied to data traffic.
-- AFM is licensed and provisioned.
-- There are scheduled firewall rules.
-- Per-policy compilation optimization is enabled (sys db variable pccd.perpolicycompilation is true).
-- The BIG-IP system is upgraded or restarted.
Set the sys db variable pccd.perpolicycompilation to false.
PCCD works correctly in these conditions.