Bug ID 568458: DoS vectors must be enabled in both DoS Profile and Device Configuration

Last Modified: Jun 04, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5

Opened: Jan 18, 2016
Severity: 5-Cosmetic

Symptoms

In order for a DoS vector in a DoS Profile to detect a you must enable that same vector in the DoS Device Configuration.

Impact

Might result in false negatives.

Conditions

DoS vector configured at the per-virtual server level, but not at the device level.

Workaround

You can use the following workaround: 1. Enable the vector in Security : DoS Protection : DoS Profiles. To do so, click Network Protection, click Enabled, and enable the DoS Vector for the DoS Profile. 2. Enable the vector in the Device Configuration. To do so, go to Security : Dos Protection : Device Configuration, select the vector, and then configure the vector either manually, or with the auto-configuration option.

Fix Information

None

Behavior Change