Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.0.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1 HF1
Opened: Nov 25, 2014 Severity: 3-Major
If you modify the firewall policy of a route domain, and then sync, then it may be removed rather than changed on devices receiving the sync.
Firewall rules may be removed.
This affects full load sync (full load checkbox is enabled, or the 'Overwrite Configuration' option was selected), but not incremental sync.
Set the policy to none, sync, then set it to the desired value and sync again.
If you modify the firewall policy of a route domain, and then sync, then it could be removed rather than changed on devices receiving the sync. This no longer happens.