Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Feb 18, 2016 Severity: 3-Major
Could not create Application Security Policy;Error: Could not add the Policy 'Security Policy /Common/import_test', internal data inconsistency was detected. Deployment Wizard failed to create a new Security Policy. Please restart Deployment Wizard
Deployment Wizard failed to create a new Security Policy.
1. When a user defined violation is added to the system. 2. Load the saved a UCS of an active ASM device 3. Try to create a policy.
mysql -Bs -u root -p$(perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw) -e 'delete from PLC.PL_SECURITY_LEVEL_DEFAULTS where viol_index = 100' An alternative workaround for those who are queasy about direct DB manipulation is to create another user-defined violation on the device to fill in the missing "100" violation (User defined violations start at 100).
Fixed the handling of user-defined violations that previously blocked policy creation.