Bug ID 1215161: A new CLI option introduced to display rule-number for policy, rules and rule-lists

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,

Fixed In:

Opened: Dec 29, 2022

Severity: 2-Critical


If a large number of rules and rule-lists are configured, it takes more than 10 minutes to display the output with rule-numbers. Ex: tmsh - "list security firewall rule-list" icrd - "restcurl -u admin /tm/security/firewall/rule-list" AFM service discovery of BIG-IP fails in BIG-IQ when upgraded to a newer version.


AFM service discovery from BIG-IQ fails on upgrade.


- AFM license is enabled - Large number of rules and rule-lists are configured



Fix Information

The rule-number feature is used in TMSH or icrd. The default CLI command and REST query are modified to not generate rule-number straight away. This considerably improves the performance when BIG-IQ discovers AFM service from BIG-IP and when a large number of rules and rule-lists are configured. TMSH users can list the rules, rule-list, and policy with rule-number by adding the 'with-rule-number' CLI option. BIG-IQ and TMUI are not affected due to this change.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips