Bug ID 580639: Block All - Session Tracking Status is not persisted across an auto-sync device group

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Mar 15, 2016
Severity: 4-Minor

Symptoms

Users, IPs, and Sessions that are meant to be blocked due to their traffic patterns, are not being synchronized to the peer device in an auto-sync device group with ASM sync enabled. This can lead to bad actors becoming unblocked again after failover, or in an Active/Active configuration.

Impact

This can lead to bad actors becoming unblocked again after failover, or in an Active/Active configuration.

Conditions

This occurs with ASM configured and are part of an auto=sync sync-failover group.

Workaround

Forcing a full sync will propagate the session tracking information.

Fix Information

None

Behavior Change