Bug ID 519890: The DoS Device whitelist does not work for a system in vCMP mode.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Apr 24, 2015
Severity: 4-Minor

Symptoms

The DoS Device whitelist does not work for a system in vCMP mode except on VIPRION 2250 platforms. The DoS whitelist must not contain any entries if provisioning vCMP.

Impact

DoS Device Whitelist does not work.

Conditions

vCMP and a populated DoS Device whitelist on platforms other than the VIPRION 2250.

Workaround

There is 1 workaround to configure a DoS WhiteList on the hypervisor through the following link on the hypervisor: https://bigIpaddress/tmui/Control/jspmap/tmui/security/dos_protection/white_list/list.jsp Then, all the vCMP guests will get the same DoS WhiteList that has been configured in the hypervisor. Please note that once the DoS WhiteList has been configured in the hypervisor, you should NOT configure a separate DoS WhiteList in the vCMP guests. You can and should configure the same WhiteList in the vCMP guests for the SW only DoS vectors.

Fix Information

None

Behavior Change