Bug ID 421016: AFM + APM configurations and traffic drop

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM, APM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Fixed In:
11.6.0, 11.4.1 HF4

Opened: May 13, 2013

Severity: 2-Critical

Related Article: K14365

Symptoms

Currently, when the Network Firewall is configured in Firewall mode (default deny), Access Policy Manager (APM) traffic might be dropped. The Network Firewall does work with APM when configured in ADC mode (default allow for self IPs and virtual servers).

Impact

When this occurs, users are unable to access BIG-IP APM configured services.

Conditions

Logon for BIG-IP APM resources may not function when the BIG-IP APM is configured in conjunction with the BIG-IP AFM module.

Workaround

There is no workaround.

Fix Information

Previously, when the Network Firewall was configured in Firewall mode (default deny), Access Policy Manager (APM) traffic could be dropped. Issues with this configuration no longer occur.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips