Bug ID 538566: Timer policy rule with "unspecified" idle-timeout

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF3

Opened: Aug 07, 2015

Severity: 3-Major

Symptoms

If a timer policy has a protocol or port specific rule, with idle-timeout configured as "unspecified" and "all-other" rule as well, the timeout applied to the flow must be the Idle Timeout as configured in default "Protocol Profiles" configuration.

Impact

The idle timeout policy enforcement does not happen as expected with this specific rule combination.

Conditions

1. If a timer policy configuration has a protocol or destination port specific rule with idle-timeout configured as "unspecified" and if there is an "all-other" rule as well configured in the same policy and 2. A connection that matches timer policy rule with "unspecified" idle-timeout value.

Workaround

It is recommended not to have any Timer Policy Rule with "unspecified" timeout value.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips