Bug ID 509600: Global rule association to policy is lost after loading config.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.4

Opened: Feb 26, 2015
Severity: 3-Major

Symptoms

The association of a global rule to a policy appears to be lost after loading a config by directly loading, saving, upgrading, and config syncing. As a result of this issue, you may encounter the following symptom: After re-enabling a global policy and waiting for an unspecified period of time, you observe that the policy is disabled again.

Impact

Policies are removed from enforcement in the global context.

Conditions

This occurs when you associate a global rule with a policy, and then initiate an operation that causes config load.

Workaround

To work around this issue, you can add back the rules manually, or, if you have not configured a route domain, you can apply route domain rules to Route Domain 0, which is effectively the same as the global rule context when no other route domains are configured. Impact of workaround: If you have other route domains configured, Route Domain 0 is no longer usable as a global context.

Fix Information

The association of a global rule to a policy is now retained after loading a config by directly loading, saving, upgrading, and config syncing.

Behavior Change