Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Opened: Apr 24, 2015 Severity: 4-Minor
The DoS Device whitelist does not work for a system in vCMP mode except on VIPRION 2250 platforms. The DoS whitelist must not contain any entries if provisioning vCMP.
DoS Device Whitelist does not work.
vCMP and a populated DoS Device whitelist on platforms other than the VIPRION 2250.
There is 1 workaround to configure a DoS WhiteList on the hypervisor through the following link on the hypervisor: https://bigIpaddress/tmui/Control/jspmap/tmui/security/dos_protection/white_list/list.jsp Then, all the vCMP guests will get the same DoS WhiteList that has been configured in the hypervisor. Please note that once the DoS WhiteList has been configured in the hypervisor, you should NOT configure a separate DoS WhiteList in the vCMP guests. You can and should configure the same WhiteList in the vCMP guests for the SW only DoS vectors.
None