Bug ID 781425: Firewall rule list configuration causes config load failure

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
15.1.0, 14.1.3.1

Opened: May 10, 2019

Severity: 3-Major

Symptoms

'tmsh load sys config' has a syntax error. The syntax error is reported on 'security firewall rule-list rule' configuration.

Impact

The system fails to load the configuration.

Conditions

This occurs only if any of the rule-list rule ip-protocol contains one of the following protocols: -- BBN-RCC-MON -- NVP-II -- DCN-MEAS -- OSPFIGP -- CRUDP

Workaround

Manually edit the configuration file: /config/bigip_base.conf 1. Replace the ip-protocol name from rule-list configuration: -- Change BBN-RCC-MON to bbn-rcc. -- Change NVP-II to nvp. -- Change DCN-MEAS to dcn. -- Change OSPFIGP to ospf. -- Change CRUDP to crudp. 2. Save the file. 3. Issue the command: tmsh load sys config. The configuration now loads without syntax errors.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips