Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM, BIG-IQ
Known Affected Versions:
11.6.2 HF1
Fixed In:
11.5.2 HF1
Opened: Dec 24, 2014 Severity: 2-Critical
Certain aspects of ASM Security Policies on BIG-IP 11.5.2 cannot be managed by BIG-IQ Security.
BIG-IQ Security cannot effectively manage ASM on BIG-IP 11.5.2.
Using BIG-IQ Security to manage ASM on BIG-IP 11.5.2.
None.
New ASM security policies can now be created by BIG-IQ version 4.5. Currently, discovery of 11.5.2 HF1 by a 4.5 BIG-IQ is disabled by default on the BIG-IP system, and can be turned on by changing the rest_api_extensions option to '1' on the Advanced Configuration/System Variables screen in the ASM user interface (navigate to Security: Options: Application Security: Advanced Configuration: System Variables) on the BIG-IP system. After saving the change, the user is instructed to do a 'tmsh restart sys service asm'. Additionally, the user should restart the httpd service via: 'bigstart restart httpd'.