Bug ID 450779: PEM source or destination flow filter attempts match against both source and destination IPs of a flow

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP PEM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1

Fixed In:
11.6.0, 11.5.3 HF2

Opened: Feb 28, 2014
Severity: 2-Critical

Symptoms

In the event that the source and destination IPs fall in the same range, it is possible that a source-IP (or destination-IP) based flow-filter may match against the destination-IP (or source-IP) of the packet resulting in potentially wrong flows receiving a policy.

Impact

A wrong flow may have inappropriate policies applied to it.

Conditions

Source and Destination networks must have overlapping prefix(es)

Workaround

None

Fix Information

The bug is fixed and given to the customer as 11.5.0-18 HF.

Behavior Change