Bug ID 864513: ASM policies may not load after upgrading to 14.x or later from a previous major version

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM, Install/Upgrade, TMOS(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5

Fixed In:
16.0.0, 15.1.1, 14.1.2.7

Opened: Dec 22, 2019

Severity: 1-Blocking

Related Article: K48234609

Symptoms

ASM policies may not load immediately after upgrade due to SELinux policies issues relating to the upgrade process.

Impact

Traffic is not processed properly after upgrade due to failure to load ASM policies.

Conditions

1. ASM is provisioned. 2. One or more ASM Security Policies is attached to one or more virtual servers. 3. Upgrade from v12.x or v13.x to v14.x or later.

Workaround

You can use either of the following workarounds. -- Remove ASM Policies while upgrading: 1. Prior to upgrade, remove all ASM Security Policies from all virtual servers. 2. Upgrade. 3. Reassociate each ASM Security Policy with its original virtual server. -- Restore the UCS on a new boot location after upgrade: 1. Prior to upgrade, create a UCS. 2. Upgrade or create a new instance of the software version at the target location. 3. Restore the UCS at the new location.

Fix Information

ASM policies now load as expected after upgrading to 14.x or later from a previous major version.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips