Bug ID 498361: Manage ASM security policies from BIG-IQ

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP ASM, BIG-IQ (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2

Fixed In:
11.5.2 HF1

Opened: Dec 24, 2014
Severity: 2-Critical

Symptoms

Certain aspects of ASM Security Policies on BIG-IP 11.5.2 cannot be managed by BIG-IQ Security.

Impact

BIG-IQ Security cannot effectively manage ASM on BIG-IP 11.5.2.

Conditions

Using BIG-IQ Security to manage ASM on BIG-IP 11.5.2.

Workaround

None.

Fix Information

New ASM security policies can now be created by BIG-IQ version 4.5. Currently, discovery of 11.5.2 HF1 by a 4.5 BIG-IQ is disabled by default on the BIG-IP system. To turn it on, change the rest_api_extensions option to '1' on the Advanced Configuration/System Variables screen in the ASM user interface on the BIG-IP system (navigate to Security: Options: Application Security: Advanced Configuration: System Variables). After saving the change, the user is instructed to run 'tmsh restart sys service asm'. Additionally, the user should restart the httpd service by running 'bigstart restart httpd'.

Behavior Change