Bug ID 450779: PEM source or destination flow filter attempts match against both source and destination IPs of a flow

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP PEM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1

Fixed In:
11.6.0, 11.5.3 HF2

Opened: Feb 28, 2014
Severity: 2-Critical


In the event that the source and destination IPs fall in the same range, it is possible that a source-IP (or destination-IP) based flow-filter may match against the destination-IP (or source-IP) of the packet resulting in potentially wrong flows receiving a policy.


A wrong flow may have inappropriate policies applied to it.


Source and Destination networks must have overlapping prefix(es)



Fix Information

The bug is fixed and given to the customer as 11.5.0-18 HF.

Behavior Change