Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 11.6.1
Opened: Jun 24, 2015 Severity: 3-Major
When deactivating a security policy via REST, and the policy is assigned to a virtual server, then BIG-IP reports the following error: ---------------------------- "MCP Validation error - 01071726:3: Cannot deactivate policy action '/Common/<VS_name>'. It is in use by ltm policy '/Common/<L7_policy_name>'.", ---------------------------- However, the security policy becomes inactive and remains assigned to virtual server. This will cause the virtual server to stop processing network traffic, and there will be the following errors in 'bd.log': ---------------------------- BD_MISC|ERR |Jun 24 12:53:35.698|17566|src/acc_reject_policy.c:0165|Account id 10 has no reject policy configured. Cannot get data ----------------------------
An inactive security policy remains assigned to a Virtual Server
ASM provisioned, with a security policy assigned to a Virtual Server, then the security policy is deactivated via the REST API
Deactivate the security policy via GUI at: 'Security :: Application Security : Security Policies : Active Policies':
The deactivation of a security policy using the REST API now removes the association of the deactivated policy from the virtual server, resulting in no errors and consistent configuration state.