Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3
Fixed In:
11.6.0, 11.5.1 HF4
Opened: May 29, 2014 Severity: 3-Major
A new db variable, pccd.rule.debug, was added to display micro-rules and micro-rule numbers for each firewall rule. This is a new debugging facility to help troubleshooting issues in configurations with very large firewall rule sets. The outputs collected can be used to analyze the firewall rules to help us make suggestions on how a configuration can be optimized for better compilation performance.
No impact on the firewall feature. May take some disk spaces if the rule set is large.
The value is 'false' by default. The customer needs to set it to true to enable the debug outputs. The outputs can be found in the directory /var/log/. If the compilation is successful, the file pccd.urule.success will contain the debug outputs. If the compilation fails, the file pccd.urule.fail will contain the debug outputs. A symbolic link pccd.urule.current will always link to the latest successful or failed outputs.
None
A new db variable, pccd.rule.debug, was added to display micro-rules and micro-rule numbers for each firewall rule. This is a new debugging facility to help troubleshooting issues in configurations with very large firewall rule sets. The outputs collected can be used to analyze the firewall rules to help us make suggestions on how a configuration can be optimized for better compilation performance.