Bug ID 493053: Route domains' firewall policies may be removed after sync

Last Modified: Dec 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0

Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1 HF1

Opened: Nov 25, 2014
Severity: 3-Major

Symptoms

If you modify the firewall policy of a route domain, and then sync, then it may be removed rather than changed on devices receiving the sync.

Impact

Firewall rules may be removed.

Conditions

This affects full load sync (full load checkbox is enabled, or the 'Overwrite Configuration' option was selected), but not incremental sync.

Workaround

Set the policy to none, sync, then set it to the desired value and sync again.

Fix Information

If you modify the firewall policy of a route domain, and then sync, then it could be removed rather than changed on devices receiving the sync. This no longer happens.

Behavior Change