Bug ID 574442: Leftover data from User-Defined violations block Policy Creation

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Feb 18, 2016

Severity: 3-Major


Could not create Application Security Policy;Error: Could not add the Policy 'Security Policy /Common/import_test', internal data inconsistency was detected. Deployment Wizard failed to create a new Security Policy. Please restart Deployment Wizard


Deployment Wizard failed to create a new Security Policy.


1. When a user defined violation is added to the system. 2. Load the saved a UCS of an active ASM device 3. Try to create a policy.


mysql -Bs -u root -p$(perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw) -e 'delete from PLC.PL_SECURITY_LEVEL_DEFAULTS where viol_index = 100' An alternative workaround for those who are queasy about direct DB manipulation is to create another user-defined violation on the device to fill in the missing "100" violation (User defined violations start at 100).

Fix Information

Fixed the handling of user-defined violations that previously blocked policy creation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips