Bug ID 494786: HW Accelerated Auto-Blacklist (aka shun list) on VS acts before global and RD contexts

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.2, 12.1.1, 12.1.0, 12.0.0

Opened: Dec 05, 2014

Severity: 4-Minor


A hardware accelerated auto-blacklist policy assigned to a virtual server will act before policies attached to contexts that would normally act first. In software, Global IPI and ACL act before Route Domain IPI and ACL, and VS IPI and ACL act last. But hardware acts before software, and IPI-enforced auto-blacklisting implemented in HW will act before global and route domain policies implemented in software.


Unexpected order of policy actions.


SPVA, auto-blacklisting enabled in Single Endpoint Sweep vector.



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips