Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM, Install/Upgrade
Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0
Opened: Sep 21, 2015 Severity: 3-Major
After upgrading you notice that there are no longer any signatures, even default signatures. ASM configuration may be corrupted upon restart during upgrade; however, BIGIP might be in Active state and there is no indication about the possibly corrupted ASM config.
ASM configuration may be corrupted upon restart during upgrade. BIG-IP might be in Active state and there is no indication about the possibly corrupted ASM config.
This can happen if the BIG-IP is rebooted during upgrade to any version prior to 12.1.0
Re-upgarding will fix the problem.
We added a visible warning, notifying the user of the potentially broken ASM configuration during an upgrade. The following persistent warning notification will appear in the Security GUI top bar (when the Security tab is available), in case an ASM upgrade was interrupted (ungracefully killed, say by a reboot): ------------------------------------ "An upgrade process was interrupted. It is very likely that ASM will start with a severe inconsistent internal state and critical errors."; ------------------------------------ The following persistent error message, will appear in '/avr/log/asm', each time when ASM is started after an ASM upgrade was interrupted (ungracefully killed, say by a reboot): ------------------------------------ "An upgrade process, executed by PID '<pid>', was interrupted on '<date>'. It is very likely that ASM will start with a severe inconsistent internal state and critical errors"; ------------------------------------ The GUI message overrides all other ASM messages; no other warnings or messages will be displayed in Security GUI top bar. However, the Security GUI will be available and functional, to the extent that it can function after an interrupted upgrade. To clear these messages, one needs to perform ONE of the following: -------------------- (1) tmsh load sys config default tmsh save sys config <...wait for the system to first get to the 'INOPERATIVE' state and then wait for the system to get to either 'REBOOT REQUIRED' or 'Active' state...> <...NO NEED TO REBOOT...> tmsh modify sys provision asm level nominal tmsh save sys config <...wait for the system to first get to the 'INOPERATIVE' state and then wait for the system to get to 'Active' state...> (2) tmsh load a (any) UCS file, that has ASM provisioned in it (3) re-upgrade --------------------