Bug ID 494786

Bug Tracker
ID 494786

Bug ID 494786: HW Accelerated Auto-Blacklist (aka shun list) on VS acts before global and RD contexts

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.2, 12.1.1, 12.1.0, 12.0.0

Opened: Dec 05, 2014

Severity: 4-Minor

Symptoms

A hardware accelerated auto-blacklist policy assigned to a virtual server will act before policies attached to contexts that would normally act first. In software, Global IPI and ACL act before Route Domain IPI and ACL, and VS IPI and ACL act last. But hardware acts before software, and IPI-enforced auto-blacklisting implemented in HW will act before global and route domain policies implemented in software.

Impact

Unexpected order of policy actions.

Conditions

SPVA, auto-blacklisting enabled in Single Endpoint Sweep vector.

Workaround

None

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips