Bug ID 502852: Deleting an in-use custom policy template

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.4

Opened: Jan 25, 2015
Severity: 3-Major

Symptoms

If a user tries to delete a custom policy template while there are still security policies in the system that were created from that template, the delete will fail. This also leaves the custom template in an unusable state that can neither be used to create further Policies nor can it ever be deleted.

Impact

The custom template becomes unusable for creating new policies, and cannot be deleted even after there are no longer any policies created from it left on the system.

Conditions

A security policy exists on the system that was created from a custom template. The user then tries to delete the template before removing the policy from the system.

Workaround

Contact support for a script that will disassociate all user defined policy templates from existing policies. This will allow any user defined template to be successfully deleted.

Fix Information

If you fail to delete a custom policy template because an existing security policy refers to it, it no longer leaves the custom policy template in an unusable state.

Behavior Change