Bug ID 519890: The DoS Device whitelist does not work for a system in vCMP mode.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Apr 24, 2015

Severity: 4-Minor

Symptoms

The DoS Device whitelist does not work for a system in vCMP mode except on VIPRION 2250 platforms. The DoS whitelist must not contain any entries if provisioning vCMP.

Impact

DoS Device Whitelist does not work.

Conditions

vCMP and a populated DoS Device whitelist on platforms other than the VIPRION 2250.

Workaround

One workaround is to configure a DoS whitelist on the hypervisor, using the following page on the hypervisor:

https://bigIpaddress/tmui/Control/jspmap/tmui/security/dos_protection/white_list/list.jsp

All the vCMP guests then get the same DoS whitelist that has been configured on the hypervisor. Note that once the DoS whitelist has been configured on the hypervisor, you should NOT configure a separate DoS whitelist in the vCMP guests. You can and should configure the same whitelist in the vCMP guests for the software (SW) only DoS vectors.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips