Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IP ASM, LTM, WAM
Known Affected Versions:
11.4.0, 11.4.1
Opened: May 11, 2013 Severity: 3-Major
When restoring a UCS archive containing HTTP classes onto v11.4.0 that cannot be successfully rolled forward, the UCS archive installation will fail, but should leave a partially-converted configuration in the on-disk files (/config/bigip.conf). Instead, the configuration files reflect the current running configuration.
Makes the manual workaround process more complex.
- pre-v11.4.0 UCS archive restored onto v11.4.0 or later. - UCS archive contains HTTP classes with regex / glob expressions that cannot be successfully rolled forward. - ASM (and possibly WAM) configuration are present in the UCS archive. - BIG-IP has active ASM configuration running prior to UCS restore.
The configuration should be present in the configuration directory as the ".bak" files (e.g., /config/bigip.conf.bak). These files can be manually restored (to /config/bigip.conf), at which point the configuration should load with the converted policies. (Note: The converted policies will still drop traffic until they are manually converted [by an administrator] into proper Local Traffic Policies.) Alternative workaround (if your setup matches all conditions): 1) Backup the currently running configuration into a UCS and save it. 2) Reset the BIG-IP configuration (i.e., run command 'tmsh load sys config default'). 3) Restore the pre-v11.4.0 UCS archive.
None