Bug ID 464735: Errors and unavailable virtual server upon deactivation of ASM policy that is assigned to a non-default rule of L7 policy

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1

Fixed In:
11.6.0, 11.5.3

Opened: May 29, 2014
Severity: 2-Critical

Symptoms

When trying to deactivate a policy used in a non-default L7 policy, you get the following error, and the policy is deactivated: "MCP Validation error - 01071726:3: Cannot deactivate policy action '/Common/vs126'. It is in use by ltm policy '/Common/l7_policy'." In addition, the virtual server becomes unavailable after the deactivation.

Impact

Virtual server is unavailable. ASM policy assigned to the LTM virtual server is broken.

Conditions

ASM is provisioned. ASM policy is assigned to a non-default L7 policy.

Workaround

Prior to the deactivation of such an ASM policy, remove it from all L7 policies from the following screen: Local Traffic > Policies > Policy List > <L7_policy_name> > Properties.

Fix Information

The deactivation of an ASM policy that is assigned to a non-default rule in an LTM policy produces a verbose and meaningful error message, and the virtual server is now available after the deactivation.

Behavior Change