Bug ID 1400337: GTP compliances are deprecated after BIG-IP version upgrade

Last Modified: Sep 27, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Opened: Nov 20, 2023

Severity: 3-Major

Symptoms

After upgrade from BIG-IP 17.1.0.1 to higher versions (like 17.1.0.2 or 17.1.0.3) below compliances are deprecated with "action" configured other than default value: gtp_allowed_apns gtp_disallowed_apns gtp_disallowed_imsi This issue is not encountered when directly installing BIG-IP 17.1.0.2.

Impact

These compliances are removed and cannot be used.

Conditions

- BIG-IP 17.1.0.1 is installed - Create a protocol inspection profile with GTP compliance. - Change action for gtp_allowed_apns, gtp_disallowed_apns and gtp_disallowed_imsi other than default value and commit these changes. - Upgrade to BIG-IP 17.1.0.2 or other higher versions. - Deprecated becomes "yes".

Workaround

If the active version on BIG-IP 17.1.0.2 with an IPS Profile created, then do the following: 1) Change the Action to default "Don't Inspect" for all 3 affected compliances in profile and commit the changes. 2) Install BIG-IP 17.1.0.2. 3) Upgrade to BIG-IP v17.1.0.2. 4) Now change the action value as per the requirement (Accept/Reject/Drop) and commit the changes.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips