Bug ID 432208: LTM Virtual Server: attaching Policy that controls ASM produces validation error regarding "websecurity" profile

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0

Opened: Sep 30, 2013
Severity: 3-Major
Related AskF5 Article:
K14860

Symptoms

If you remove an LTM Policy that controls ASM in TMSH and then attempt to add and LTM Policy that controls ASM in the GUI you will get a validation error stating that the "/Common/websecurity" profile is already attached.

Impact

You will not be able to use the GUI to add an LTM policy that controls ASM after removing an LTM policy that controls ASM using TMSH, unless you also remove the websecurity profile with TMSH.

Conditions

Use TMSH to remove an LTM policy that controls ASM, followed by an attempt to add an LTM policy that controls ASM using the GUI.

Workaround

1. Use GUI only to add and remove LTM policies. Mixing the use of TMSH and GUI to manage LTM policy attachment for policies that control ASM is problematic. 2. Use TMSH to remove the websecurity profile after using TMSH to remove the LTM policy that control ASM

Fix Information

The websecurity profile must be attached to a Virtual Server before you can attach an LTM policy that controls ASM. If you attach and detach LTM policies controlling ASM in the GUI that attach/detach will be done automatically for you. If you remove the policy with TMSH, the websecurity profile will remain attached. In the next release, the GUI will detect an existing websecurity profile and not attempt to add it again to avoid the validation error.

Behavior Change