Bug ID 534943: HA traffic dropped by Global default deny rule

Last Modified: May 22, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.1

Opened: Jul 24, 2015
Severity: 3-Major

Symptoms

AFM drops HA heartbeat packets on Self IP addresses when a default deny rule matches traffic on the Global context.

Impact

Best practice is to set up CMI traffic over both management and TMM interfaces. This takes the TMM interfaces out.

Conditions

HA configuration with sod traffic routed over TMM controlled interfaces with a default deny rule and no rule explicit permitting HA traffic.

Workaround

As a workaround, explicitly enable the default rules permitting traffic between HA peers.

Fix Information

None

Behavior Change