Last Modified: May 29, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.0, 11.4.1
Fixed In:
11.6.0, 11.5.1, 11.5.0 HF1, 11.4.1 HF9
Opened: Jan 24, 2014 Severity: 3-Major Related Article:
K15494
"state" value in the session variables of software check results never gets updated. When endpoint executes a access policy that is configured for doing any software check (e.g. antivirus, anti-spyware, firewall, patch management, peer-to-peer, health agent and disk encryption) then after executing this software check result session variables are produced, e.g.: <session ID>.session.check_software.last.<software type>.state 1 0 <session ID>.session.check_software.last.<software type>.result 1 1 <session ID>.session.check_software.last.<software type>.count 1 1 <session ID>.session.check_software.last.<software type>.error 1 0 In these session variables value of "state" always remain the same. So if access policy is check if the value of this will ever be 1 then access policy will fail.
Access policy failure
software check (antivirus, anti-spyware, firewall, patch management, peer-to-peer, health agent and disk encryption) configured on BIG-IP access policy and endpoint executes this access policy.
Don't use this deprecated session variable (it exist for backward compatibility) but rather configure your access policy to match the state correctly. If you want to verify that "state" of any software check (antivirus, anti-spyware, firewall, patch management, peer-to-peer, health agent and disk encryption) is "enabled" then configure the access policy and change the state to "enabled".
The "state" value in the session variables created after a software check (antivirus, anti-spyware, firewall, patch management, peer-to-peer, health agent and disk encryption) now contains the state of the specified product.