Bug ID 2144397

Bug Tracker
ID 2144397

Bug ID 2144397: Problems compiling firewall policies when they contain rules using huge address lists

Last Modified: Dec 13, 2025

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
17.1.2.2, 17.1.3

Opened: Nov 06, 2025

Severity: 2-Critical

Symptoms

Firewall rule compilation hangs indefinitely with high CPU usage, when large address lists (~100k entries) are used. With significant number of duplicate firewall policies.

Impact

Prevents deployment or updates of firewall policies, blocking operations.

Conditions

Occurs on BIG-IP AFM (17.1.2) when firewall policies reference very large address lists as rule sources.

Workaround

None

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips