Bug ID 451257: ASM BD process may crash on missing cookie protection config data when traffic is being passed.

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10

Fixed In:
11.6.0, 11.5.2

Opened: Mar 05, 2014

Severity: 2-Critical

Related Article: K72802264


ASM BD process may crash on missing cookie protection config data when traffic is being passed. Error messages in /ts/log/bd.log BD_MISC|NOTICE|Mar 04 14:42:27.913|29378|temp_func.c:0688|-- EMPTY TABLE: CONFIG_TYPE_DB_SECURITY_SERVER ack num 123 DATA_PROTECT|ERR |Mar 04 14:42:27.913|29378|src/data_protect_conf.c:0390|context_init: Error opening file '/ts/var/account/data_protection/data_protection_1d71cdd6c19765a8298828aacdc01d82': No such file or directory DATA_PROTECT|ERR |Mar 04 14:42:27.913|29378|src/data_protect_api.c:0020|data_protect_context_init: failed to initialize security context.


The initial sync state for ASM in a device group does not resolve successfully. ASM starts breaking connections for which customer removed all of the ASM config and re-imported it. Upon the first request, trying to apply the crypto BD crashes.


This is a rare condition where DATA_PROTECT_cookie config is missing from the config and traffic is being passed on a multi-bladed system.


Try one of the following workarounds: -- Issue the following command: bigstart restart asm. -- Complete the following procedure: 1. On the device group environment with the correct ASM config, turn off ASM sync for the device group. 2. Enable 'Full Sync'. 3. Turn on ASM sync for the device group. 4. Push the configuration.

Fix Information

This release fixes an issue where, during stress, the Enforcer intermittently crashed on the secondary blade of a multi-blade unit.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips