Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0
Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1 HF1
Opened: Nov 25, 2014 Severity: 3-Major
If you modify the firewall policy of a route domain, and then sync, then it may be removed rather than changed on devices receiving the sync.
Firewall rules may be removed.
This affects full load sync (full load checkbox is enabled, or the 'Overwrite Configuration' option was selected), but not incremental sync.
Set the policy to none, sync, then set it to the desired value and sync again.
If you modify the firewall policy of a route domain, and then sync, then it could be removed rather than changed on devices receiving the sync. This no longer happens.