Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.0, 11.4.1
Fixed In:
11.5.0
Opened: Sep 30, 2013 Severity: 3-Major Related Article:
K14860
If you remove an LTM Policy that controls ASM in TMSH and then attempt to add and LTM Policy that controls ASM in the GUI you will get a validation error stating that the "/Common/websecurity" profile is already attached.
You will not be able to use the GUI to add an LTM policy that controls ASM after removing an LTM policy that controls ASM using TMSH, unless you also remove the websecurity profile with TMSH.
Use TMSH to remove an LTM policy that controls ASM, followed by an attempt to add an LTM policy that controls ASM using the GUI.
1. Use GUI only to add and remove LTM policies. Mixing the use of TMSH and GUI to manage LTM policy attachment for policies that control ASM is problematic. 2. Use TMSH to remove the websecurity profile after using TMSH to remove the LTM policy that control ASM
The websecurity profile must be attached to a Virtual Server before you can attach an LTM policy that controls ASM. If you attach and detach LTM policies controlling ASM in the GUI that attach/detach will be done automatically for you. If you remove the policy with TMSH, the websecurity profile will remain attached. In the next release, the GUI will detect an existing websecurity profile and not attempt to add it again to avoid the validation error.