Last Modified: Nov 07, 2022
Affected Product:
BIG-IP TMOS
Known Affected Versions:
16.1.0, 16.1.1
Fixed In:
17.0.0, 16.1.2
Opened: Jun 30, 2021
Severity: 2-Critical
IPsec traffic selector state can be viewed in the config utility or in tmsh with the "tmsh show net ipsec traffic-selector" command. On a high availability (HA) standby device, some selector states may be incorrect.
There is no functional impact. The issue is that a selector may incorrectly appear down in one or both directions.
-- High availability (HA) environment
-- The standby device reboots or is otherwise forced, for example by a tmm restart, to re-learn all the mirrored IPsec security associations (SAs).
When the tunnel re-keys on the high availability (HA) active device, the selector state shows the correct value.
IPsec traffic selectors show the correct state after the high availability (HA) standby device reboots.