Last Modified: Oct 16, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
13.0.0, 12.1.0, 11.6.1, 11.5.4 HF3
Opened: Oct 16, 2015 Severity: 3-Major Related Article:
K83452106
If administrator has installed multiple EPSEC packages, after a reboot the EPSEC version rolls back to the previously installed version.
OPSWAT version rolls back without prompting or logging. This might open up the end-point security issues that are supposed to be fixed by the latest installed OPSWAT package.
The BIG-IP system needs to be rebooted for this issue to be seen, and multiple EPSEC packages must have been installed on the system before the reboot.
The workaround is to upload a dummy file in Sandbox. 1. Go to Access Policy :: Hosted Content :: Manage Files. 2. Upload any dummy file, even a 0 byte file. Change the security level to 'session'. After this change, even if you reboot or shutdown-restart, the EPSEC version does not revert.
The most recently installed EPSEC version now remains configured, and does not roll back after reboot or shutdown-restart.