Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6
Fixed In:
15.0.0, 14.1.2.7
Opened: Nov 30, 2018 Severity: 2-Critical
The BIG-IP Virtual Edition (VE) system might not be able to install some IP rules in the host during the first boot up. As a result, some types of traffic (e.g., ssh) destined for the BIG-IP system via the data path (not via the management interface) might not be able to respond back to a sender. This issue exists only during the first boot into a new BIG-IP partition after installation.
Some types of traffic (e.g., ssh) destined for the BIG-IP system via the data path (not via the management interface) might not be able to respond back to a sender.
This issue exists if the following conditions are met: -- The BIG-IP system is VE. -- Before installing a new BIG-IP image, the sys db variables 'liveinstall.saveconfig' and 'liveinstall.moveconfig' are both set to 'disable'. By default, both variables are set to 'enable'. -- First boot into a new BIG-IP partition after installation.
You can use either of the following workarounds: -- Restart mcpd using the following command: bigstart restart mcpd -- After the first boot into a new BIG-IP partition, you can simply reboot the BIG-IP system again, and then the necessary IP rules are created correctly.
The necessary IP rules are created correctly in the first boot into a new BIG-IP partition after installation.