Bug ID 529610: On HA setups ASM session tracking page display an empty list when in fact there are asm entries in session db

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.0.0 HF3, 12.0.0, 11.6.1, 11.5.4

Opened: Jun 24, 2015
Severity: 3-Major
Related Article:
K32565535

Symptoms

When session tracking actions are enabled in ASM policy, an HTTP request may be blocked based on HTTP session or username and illegal traffic that has been sent from this session. The blocked request is reported in the security events log, but there is no option to release the username using the Configuration utility.

Impact

Usernames and HTTP sessions are blocked by ASM without an option to release them from the Configuration utility.

Conditions

High availability (HA) setup, and ASM with Session tracking actions enabled.

Workaround

Stop and start tmm on all devices in the HA group by running the following commands: -- bigstart stop tmm -- bigstart start tmm

Fix Information

Using the Configuration utility, BIG-IP system administrators can now release blocked usernames and sessions. This is done on the Session Tracking Status screen.

Behavior Change