Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Fixed In:
14.0.0
Opened: Dec 10, 2015 Severity: 3-Major
Rarely, you might have ASM synchronization configured, but there is no evidence that the synchronization is occurring, and the policy changes are not synchronized. The following messages can be seen in '/var/log/ts/asm_config_server.log': ------------------------- -- F5::ASMConfig::Handler::SyncHandler::sync_general_ucs_request,,ASM is now entering sync recovery state. Requesting complete configuration from /Common/<peer_machine_name> -- F5::ASMConfig::Handler::send_to_relay,,Failed on sending sync_send_ucs to /Common/<peer_machine_name>: Can't call method "send" on an undefined value at /<path>/Handler.pm line <line_number>. -- F5::ASMConfig::Handler::spawn_relay_handler,,Sync recovery state timed out. State may be inconsistent with other peers ------------------------- Note: The values inside brackets in the log examples might differ from yours.
ASM sync does not occur.
It is not known what triggers this, but it occurs when ASM is provisioned, ASM sync is enabled, and high availability (HA) is configured. It is possible that it occurs when mcpd memory consumption becomes excessive.
1. Remove ASM sync from the device group (Under Security :: Options : Application Security : Synchronization : Application Security Synchronization). 2. Restart asm_config_server.pl on both devices and wait until they come back up. 3. Change the device group to a manual sync group . 4. On the device with the good configuration re-enable ASM sync for the device group. 5. Make a spurious ASM change, and push the configuration. 6. Change the sync type back to automatic.
ASM config is now able to successfully create a CGC channel to communicate with its peer.