Last Modified: Feb 03, 2026
Affected Product(s):
BIG-IP APM, Install/Upgrade
Known Affected Versions:
17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1
Opened: Jan 22, 2026 Severity: 2-Critical
After upgrading BIG-IP APM from version 17.1.2 to 17.1.3, the APM directories /var/apm/lib and /var/apm/www are missing. The system shows an empty EPSEC version (apm.epsec.version = ""), and APM functionality is impacted. This issue occurs on both units in an HA pair.
Endpoint security checks cannot be performed, APM policies and access profiles may fail to function properly, and end users may be unable to access APM-protected resources.
This issue occurs when all of the following conditions are met: 1. BIG-IP APM is running version 17.1.2 (default EPSEC package version 1749) 2. EPSEC package version 1915 was uploaded via GUI but not installed on the 17.1.2 system 3. System is upgraded to version 17.1.3 (which has EPSEC 1915 as the default package) 4. The upgrade creates an upload marker for EPSEC 1915 in the configuration filestore
Upload and install a newer EPSEC package (version 1941 or later) via the GUI: 1. Navigate to Access > System > File Management > Endpoint Software Management 2. Upload a newer EPSEC package (e.g., epsec-1.0.0-1941.0.iso or later) 3. Install the uploaded package 4. Verify the directories are created: ls -l /var/apm/ 5. Confirm EPSEC version: tmsh list sys db apm.epsec.version
None