Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Fixed In:
17.5.0, 17.1.1
Opened: Dec 29, 2022 Severity: 2-Critical
If a large number of rules and rule-lists are configured, it takes more than 10 minutes to display the output with rule-numbers. Ex: tmsh - "list security firewall rule-list" icrd - "restcurl -u admin /tm/security/firewall/rule-list" AFM service discovery of BIG-IP fails in BIG-IQ when upgraded to a newer version.
AFM service discovery from BIG-IQ fails on upgrade.
- AFM license is enabled - Large number of rules and rule-lists are configured
-
The rule-number feature is used in TMSH or icrd. The default CLI command and REST query are modified to not generate rule-number straight away. This considerably improves the performance when BIG-IQ discovers AFM service from BIG-IP and when a large number of rules and rule-lists are configured. TMSH users can list the rules, rule-list, and policy with rule-number by adding the 'with-rule-number' CLI option. BIG-IQ and TMUI are not affected due to this change.