Bug ID 531848: Call to Apply Policy can be lost and never retried in an autosync device group

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Jul 06, 2015

Severity: 4-Minor

Symptoms

ASM changes in an autosync device group are sent over a direct channel to a device's peers. In rare conditions, messages can be lost over this channel. Configuration changes have fallbacks that ensure a missing change is noticed, but there is currently no such fallback for Apply Policy calls. Therefore, if an Apply Policy call is lost in an autosync group, it is never retried.

Impact

Enforcement changes will not take effect on the peer devices until the next Apply Policy action.

Conditions

ASM sync is configured on an autosync device group.

Workaround

Make a spurious change to the policy and set it active again.

Fix Information

None

Behavior Change
