Last Modified: Nov 02, 2023
Known Affected Versions:
15.1.7, 15.1.8, 184.108.40.206, 220.127.116.11, 15.1.9, 18.104.22.168, 15.1.10, 22.214.171.124
Opened: Dec 29, 2022 Severity: 2-Critical
If a large number of rules and rule-lists are configured, it takes more than 10 minutes to display the output with rule-numbers. Ex: tmsh - "list security firewall rule-list" icrd - "restcurl -u admin /tm/security/firewall/rule-list" AFM service discovery of BIG-IP fails in BIG-IQ when upgraded to a newer version.
AFM service discovery from BIG-IQ fails on upgrade.
- AFM license is enabled - Large number of rules and rule-lists are configured
The rule-number feature is used in TMSH or icrd. The default CLI command and REST query are modified to not generate rule-number straight away. This considerably improves the performance when BIG-IQ discovers AFM service from BIG-IP and when a large number of rules and rule-lists are configured. TMSH users can list the rules, rule-list, and policy with rule-number by adding the 'with-rule-number' CLI option. BIG-IQ and TMUI are not affected due to this change.