Bug ID 1053869: After a Self-IP undergoes a valid address change, its port-lockdown settings are lost.

Last Modified: Jan 10, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.4.1, 13.1.0

Opened: Oct 11, 2021
Severity: 3-Major

Symptoms

A Self-IP that has port-lockdown settings other than 'none' can be pinged, but fails to accept connections to any of the ports that are meant to be open. Note: This issue only affects BIG-IP versions 13.1.x and earlier. However, a similar issue affects later versions, which is tracked by a separate ID (for more information, refer to https://cdn.f5.com/product/bugtracker/ID1016449.html).

Impact

Ports that used to be open and could be used to reach the BIG-IP system are no longer open. For instance, depending on which specific ports were opened, you may now be unable to reach the BIG-IP system GUI (TCP/443) or CLI (TCP/22) via the affected Self-IP.

Conditions

This issue occurs after a Self-IP undergoes an address change via one of the supported methods (e.g. restoring a UCS archive, loading a SCF file, a ConfigSync, etc).

Workaround

Restart TMM on the system to restore correct functionality.

Fix Information

None

Behavior Change