Bug ID 442157: Incorrect assignment of ASM policy to virtual server

Last Modified: Oct 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1

Fixed In:
11.6.0, 11.5.3

Opened: Jan 05, 2014
Severity: 3-Major

Symptoms

Incorrect assignment of ASM policy to LTM virtual server occurs when it is managed from the Local Traffic > Virtual Servers > Virtual Server List > <vs_name> > Security > Policies screen when the same ASM policy is assigned to multiple LTM virtual servers by the means of a single LTM policy (L7 policy).

Impact

Changes are applied to all LTM virtual servers that are assigned with the relevant LTM policy (L7 policy) instead of changing only the currently managed LTM virtual server.

Conditions

ASM is provisioned, and an ASM policy is assigned to multiple LTM virtual servers by the means of a single LTM policy (L7 policy).

Workaround

Assignment of ASM policies to LTM policies and to LTM virtual can be handled from the following screens: 1) LTM policies: Local Traffic > Policies > Policy List > <L7_policy_name> > Properties 1) LTM virtuals: Local Traffic > Virtual Servers > Virtual Server List > <vs_name> > Resources

Fix Information

The assignment of an ASM policy to an LTM virtual server at from Local Traffic > Virtual Servers > Virtual Server List > <vs_name> > Security > Policies is now NOT available when there is a one-to-many relationship between the underlying LTM policy to LTM virtual servers/ASM policies. In addition, the message 'Manual Configuration (Advanced)' is displayed in the 'Application Security Policy' field on that screen.

Behavior Change