Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
12.0.0
Fixed In:
12.0.0
Opened: Dec 09, 2014 Severity: 4-Minor
Address list white list can't be supported when there is support of DOS in hardware. To meet this condition, the system must have non-sPVA but DOS capable HSB (e.g. B2100 blade), and db variable dos.forceswdos is set to false. System will check the above condition and reject the command upon receiving TMSH or GUI config. Also, if dos.forceswdos is turned to false when there is address list white list, the system will remove the white list and gives out warning. The above check is also valid for some systems that have non-DOS capable HSBs (e.g, 2000,4000 platforms). To workaround this, never set dos.forceswdos to false (setting it to false has no meaning since the system has no hardware DOS capability at all).
Whitelist is rejected.
B2100 blades, 2000 or 4000 platforms with AFM enabled, whitelist enabled, and dos.forceswdos set to false.
Ensure dos.forceswdos is set to true.
BIG-IP will now throw a validation error if dos.forceswdos is set to false.