Bug ID 1020345: Web Application Security child policy general policy settings inheritance cannot be declined in a deployment which alters general settings

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ Web App Security (ASM)(all modules)

Known Affected Versions:
7.0.0.1, 7.0.0.2, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9, 8.0.0, 8.0.0.1

Opened: May 20, 2021

Severity: 3-Major

Symptoms

Deployment fails with the following error Failed pushing changed objects to device [Name of Target BIG-IP]: Could not update the Policy '[Name of Target Child Policy]'. Cannot delete inherited elements.

Impact

Settings do not take effect. A Web Application Security Child Policy cannot have its General Policy Settings Inheritance changed to Declined in the same deployment that also alters any general settings in that Child Policy.

Conditions

1. Web Application Security Child Policy was previously deployed to the BIG-IP system with General Policy Settings Inheritance setting set to Accepted. 2. A new deployment for Child Policy is triggered with multiple changes: a. General Policy Settings under Inheritance Settings is changed to Declined b. One or more changes to general settings

Workaround

First perform a deployment just setting the Child Policy's General Policy Settings Inheritance setting to Declined and then perform a second deployment with any additional changes desired to the Child Policy.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips