Bug ID 580639: Block All - Session Tracking Status is not persisted across an auto-sync device group

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Mar 15, 2016

Severity: 4-Minor

Symptoms

Users, IPs, and Sessions that are meant to be blocked due to their traffic patterns, are not being synchronized to the peer device in an auto-sync device group with ASM sync enabled. This can lead to bad actors becoming unblocked again after failover, or in an Active/Active configuration.

Impact

This can lead to bad actors becoming unblocked again after failover, or in an Active/Active configuration.

Conditions

This occurs with ASM configured and are part of an auto=sync sync-failover group.

Workaround

Forcing a full sync will propagate the session tracking information.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips