Symptoms

The custom settings in an SMTP profile appear to be overwritten by the parent settings when the unit is re-licensed and configuration reloaded e.g. via a 'tmsh load sys config' or a license activation in the GUI. If the parent profile ("smtp") has security enabled and a child has "Custom" selected and security disabled then I would expect the config to show "security disabled" when it shows no entry at all; I think this leads to the GUI and configuration showing inconsistent states.

Impact

Unexpected profile smtp behavior after load

Conditions

Take an 11.4.1 box Go to Local Traffic -> Profiles -> Services -> SMTP Select the system default profile ("smtp") and enable Protocol Security, click Save Create a new SMTP profile, check "Custom" for Protocol Security and Uncheck "Protocol Security" The GUI now shows Security as disabled, tmsh shows no setting for security (which I believe means it should inherit from the parent, i.e. the GUI shows "off", tmsh shows "on"): # tmsh list ltm profile ltm profile smtp smtp { defaults-from none security enabled } ltm profile smtp test { defaults-from /Common/smtp } Reload the configuration with "tmsh load sys config" or reactivate the license on the unit Go to Local Traffic -> Profiles -> Services -> SMTP Select the new SMTP profile, note that "Custom" is no longer checked and Protocol Security is shown as enabled (inherited from the parent profile) and tmsh shows: # tmsh list ltm profile ltm profile smtp smtp { defaults-from none security enabled } ltm profile smtp test { defaults-from /Common/smtp security enabled }

Workaround

Modify ltm profile smtp security after load to return it to the original state, or setup inheritance dependencies in such a way that the parent profile uses the default security value and the child profile uses a non-default security value.

Fix Information

Profile SMTP custom settings are now saved to the config and restored after a configuration load.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips