Last Modified: Dec 05, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2
Opened: Nov 20, 2023 Severity: 3-Major
After upgrade from BIG-IP 17.1.0.1 to higher versions (like 17.1.0.2 or 17.1.0.3) below compliances are deprecated with "action" configured other than default value: gtp_allowed_apns gtp_disallowed_apns gtp_disallowed_imsi This issue is not encountered when directly installing BIG-IP 17.1.0.2.
These compliances are removed and cannot be used.
- BIG-IP 17.1.0.1 is installed - Create a protocol inspection profile with GTP compliance. - Change action for gtp_allowed_apns, gtp_disallowed_apns and gtp_disallowed_imsi other than default value and commit these changes. - Upgrade to BIG-IP 17.1.0.2 or other higher versions. - Deprecated becomes "yes".
If the active version on BIG-IP 17.1.0.2 with an IPS Profile created, then do the following: 1) Change the Action to default "Don't Inspect" for all 3 affected compliances in profile and commit the changes. 2) Install BIG-IP 17.1.0.2. 3) Upgrade to BIG-IP v17.1.0.2. 4) Now change the action value as per the requirement (Accept/Reject/Drop) and commit the changes.
None