Bug ID 532096: Machine Certificate Checker is not backward compatible with 11.4.1 (and below) when MatchFQDN rule is used

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0, 11.6.0 HF6, 11.5.3 HF2

Opened: Jul 07, 2015

Severity: 3-Major

Symptoms

Machine Certificate Checker (client side) is not backward compatible with BIG-IP 11.4.1 and earlier when MatchFQDN rule is used

Impact

Machine Certificate checker agent may fail. Policy goes wrong way.

Conditions

Machine Certificate checker agent uses MatchFQDN rule in Access Policy of BIG-IP version 11.4.1 and earlier. New BIG-IP Edge Client (version greater than 11.4.1) is used against old BIG-IP.

Workaround

None

Fix Information

Fixed issue causing Machine Certificate checker agent backward incompatibility.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips