Bug ID 434840: Device Groups: The first manual sync to a peer fails after adding a new Security Policy

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.5.0

Opened: Oct 22, 2013

Severity: 3-Major

Symptoms

A race condition exists that may prevent a new Security Policy from correctly being created on a peer device after the configuration has been pushed.

Impact

Configuration between primary device and peer is not synchronized correctly, and a policy may not be enforced as expected in the case of failover.

Conditions

1) Devices are in a Manual Sync, Failover Device Group with ASM sync enabled. 2) A new policy is created on the active device. 3) The configuration is pushed to the peer.

Workaround

Make a spurious change to any policy on the primary device, then push the configuration again.

Fix Information

The race condition has been fixed.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips