Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IQ SSL Orchestrator
Known Affected Versions:
8.0.0, 8.0.0.1
Opened: Jun 17, 2021
Severity: 3-Major
Some security policy rules get updated to null because of the upgrade scripts for BIG-IQ v8.0. These scripts run when the user upgrades to v8.0 from any previous version.
Setting security policy rules to null causes data inconsistency in security policy rules. If a user does not notice the null/empty values and deploys a configuration change to any of the managed BIG-IP devices, all security policy rules on the managed BIG-IP device will be lost.
This issue occurs during an upgrade to v8.0 when there are rules in a security policy.
After the BIG-IQ is upgraded to v8.0, if there are any security policy rules, use the following workaround:
1. Edit the security policy to remove the rules; then, add them back and redeploy the policy.
2. Deploy a new policy with the same configuration, then attach this policy to topologies that used the old policy.
3. For the impacted BIG-IP, remove the SSLO service from BIG-IQ, then re-discover and import the impacted BIG-IP.
None