Bug ID 574442: Leftover data from User-Defined violations block Policy Creation

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Feb 18, 2016
Severity: 3-Major

Symptoms

Could not create Application Security Policy;Error: Could not add the Policy 'Security Policy /Common/import_test', internal data inconsistency was detected. Deployment Wizard failed to create a new Security Policy. Please restart Deployment Wizard

Impact

Deployment Wizard failed to create a new Security Policy.

Conditions

1. A user-defined violation is added to the system.
2. Load a saved UCS of an active ASM device.
3. Try to create a policy.

Workaround

mysql -Bs -u root -p$(perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw) -e 'delete from PLC.PL_SECURITY_LEVEL_DEFAULTS where viol_index = 100'

An alternative workaround for those who are queasy about direct DB manipulation is to create another user-defined violation on the device to fill in the missing "100" violation (user-defined violations start at 100).

Fix Information

Fixed the handling of user-defined violations that previously blocked policy creation.

Behavior Change