Bug ID 534943: HA traffic dropped by Global default deny rule

Last Modified: Jun 04, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:

Opened: Jul 24, 2015
Severity: 3-Major


AFM drops HA heartbeat packets on Self IP addresses when a default deny rule matches traffic on the Global context.


Best practice is to set up CMI traffic over both management and TMM interfaces. This takes the TMM interfaces out.


HA configuration with sod traffic routed over TMM controlled interfaces with a default deny rule and no rule explicit permitting HA traffic.


As a workaround, explicitly enable the default rules permitting traffic between HA peers.

Fix Information


Behavior Change