Last Modified: Nov 07, 2022
Affected Product:
BIG-IP ASM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0, 11.6.1 HF1
Opened: Mar 03, 2016
Severity: 3-Major
In a standard Active/Standby setup with a single Sync-Failover device group, Auto-Sync, and ASM enabled, importing an ASM policy (named 'ddddd') into the inactive policies list produces the following in the GUI screen Security :: Application Security : Security Policies : Inactive Policies.

On active device:
Security Policy Name - Version
ddddd - 2016-02-25 10:39:49
ddddd_2 - 2016-03-01 00:11:46

On standby device:
Security Policy Name - Version
ddddd - 2016-03-01 00:11:41
ddddd_2 - 2016-02-25 10:39:49

According to the 'Version' field (time stamps), 'ddddd' on the active device is actually 'ddddd_2' on the standby device, and the other two policies are not the same. The group ends up with three different policies on the two devices.
Three different policies are created on the two devices.
-- Active/Standby configuration.
-- ASM provisioned.
-- Import security policy to the inactive policies list.
None.
The import policy process now results in a consistent state on both devices in a device group.
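A consistency check for the symptom described in this report, as an added example that is not part of the original bug report or F5's code: it compares the inactive-policy listings of two device-group members by name and version timestamp. The `name - version` line format and all function names are assumptions; the sample listings are constructed from the values quoted above.

```python
# Added example: detect inactive-policy drift between two device-group members.
# Sample listings are constructed from the values quoted in this bug report.
ACTIVE = """\
ddddd - 2016-02-25 10:39:49
ddddd_2 - 2016-03-01 00:11:46
"""
STANDBY = """\
ddddd - 2016-03-01 00:11:41
ddddd_2 - 2016-02-25 10:39:49
"""

def parse_listing(text):
    """Return {policy_name: version_timestamp} from 'name - version' lines (assumed format)."""
    policies = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split on the last " - " so a policy name containing " - " still parses.
        name, sep, version = line.rpartition(" - ")
        if not sep:
            raise ValueError(f"unrecognised listing line: {line!r}")
        policies[name.strip()] = version.strip()
    return policies

def compare_listings(active_text, standby_text):
    """Report how two devices' policy listings disagree."""
    active, standby = parse_listing(active_text), parse_listing(standby_text)
    # Same name on both devices, different version timestamp.
    version_mismatch = sorted(
        n for n in active.keys() & standby.keys() if active[n] != standby[n])
    # Same version timestamp on both devices, filed under different names.
    name_by_version = {v: n for n, v in standby.items()}
    renamed = sorted(
        (v, n, name_by_version[v]) for n, v in active.items()
        if v in name_by_version and name_by_version[v] != n)
    return {
        "version_mismatch": version_mismatch,
        "renamed": renamed,  # (version, name on active, name on standby)
        "missing_on_one_device": sorted(active.keys() ^ standby.keys()),
        "distinct_versions": len(set(active.values()) | set(standby.values())),
    }

if __name__ == "__main__":
    for key, value in compare_listings(ACTIVE, STANDBY).items():
        print(f"{key}: {value}")
```

A synchronized group yields empty `version_mismatch` and `renamed` lists and a `distinct_versions` count equal to the number of policies on each device.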