Bug ID 526277: AFM attack may never end on AVR dos overview page in a chassis based BIG-IP

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Jun 03, 2015
Severity: 3-Major


In a BIG-IP chassis, it is possible that the AFM "attack started" event and "attack stopped" event happen on two different slots of the chassis. In that case avrd is not able to detect and report "attack stopped" event and the user would continue to see "attack ongoing" in the DoS Overview Page.


User will get confused when he see that the AFM DoS Overview Page still shows the attack as ongoing when it has actually stopped.


This will only happen in a BIG-IP chassis based system with multiple slots, and if the AFM DoS "attack started" and "attack stopped" events are given to different slots.


No workaround

Fix Information

With this change the bug has been fixed and now the AFM DoS Overview Page will always know when a attack has stopped.

Behavior Change