Bug ID 526277: AFM attack may never end on AVR dos overview page in a chassis based BIG-IP

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Jun 03, 2015

Severity: 3-Major


In a BIG-IP chassis, it is possible that the AFM "attack started" event and "attack stopped" event happen on two different slots of the chassis. In that case avrd is not able to detect and report "attack stopped" event and the user would continue to see "attack ongoing" in the DoS Overview Page.


User will get confused when he see that the AFM DoS Overview Page still shows the attack as ongoing when it has actually stopped.


This will only happen in a BIG-IP chassis based system with multiple slots, and if the AFM DoS "attack started" and "attack stopped" events are given to different slots.


No workaround

Fix Information

With this change the bug has been fixed and now the AFM DoS Overview Page will always know when a attack has stopped.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips