Bug ID 464735: Errors and unavailable virtual server upon deactivation of ASM policy that is assigned to a non-default rule of L7 policy

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.2

Fixed In:
11.6.0, 11.5.3

Opened: May 29, 2014

Severity: 2-Critical

Symptoms

When trying to deactivate a policy used in a non-default L7 policy, you get the following error, and the policy is deactivated: "MCP Validation error - 01071726:3: Cannot deactivate policy action '/Common/vs126'. It is in use by ltm policy '/Common/l7_policy'." In addition, the virtual server becomes unavailable after the deactivation.

Impact

Virtual server is unavailable. ASM policy assigned to the LTM virtual server is broken.

Conditions

ASM is provisioned. ASM policy is assigned to a non-default L7 policy.

Workaround

Prior to the deactivation of such an ASM policy, remove it from all L7 policies from the following screen: Local Traffic > Policies > Policy List > <L7_policy_name> > Properties.

Fix Information

The deactivation of an ASM policy that is assigned to a non-default rule in an LTM policy produces a verbose and meaningful error message, and the virtual server is now available after the deactivation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips