Bug ID 487233: vCMP guests are unable to access NTP or RSYNC via their management network.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP vCMP(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Oct 28, 2014
Severity: 2-Critical
Related AskF5 Article:


Attempts to access an external NTP server or RSYNC server from within a vCMP guest over the management network fails to pass traffic.


vCMP guests are unable to configure an external NTP server reachable over the management network.


This issue affects vCMP guests running any BIG-IP software version when running on a vCMP hypervisor running software version 11.6.0.


An NTP server may be configured using a self-ip and the data plane network without issue. If access is required via the management port, execute the following steps: 1) Add the commands iptables -t nat -D PREROUTING -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT to /config/startup on the vCMP hypervisor. This will ensure the workaround persists across reboots. 2) Run the following command at the vCMP hypervisor bash prompt: clsh iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT Rebooting the hypervisor or affected guests is not required.

Fix Information

An issue has been corrected which affected NTP and RSYNC access via the management network in vCMP guests.

Behavior Change