Bug ID 1069113: ASM process watchdog should be less aggressive

Last Modified: Apr 24, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,

Opened: Dec 20, 2021

Severity: 3-Major


During standard operation a process is expected to exit and be restarted once it has exceeded a certain memory limit. As a failsafe, the watchdog forcefully kills the process if it exceeds a higher threshold. But if the handler was running close to the memory limit before a resource-intensive event like a full sync load, this operation could push it over both limits.


A process may be killed in the middle of a data-integrity sensitive action, like a device-group sync, which can leave the system in a corrupt state.


An ASMConfig handler is running close to the memory limit before a resource intensive event, like a full sync load.


Modify the memory limits in nwd.cfg to raise it by 100 MB. To load the configuration change, restart the asm_config_server process. Impact of workaround: Performing the following procedure should not have a negative impact on your system: 1. Log in to the BIG-IP system command line. 2. To restart the asm_config_server process, type the following command: "pkill -f asm_config_server" Note : Restarting the asm_config_server process does not disrupt traffic processing. The BIG-IP ASM watchdog process automatically restarts the asm_config_server process within 10 to 15 seconds.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips