Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1
Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2
Opened: Mar 23, 2016 Severity: 3-Major Related Article:
K16273300
It is possible to create macrocall access policy item that: 1. Belongs to policy items list. 2. Correctly connected to ending. 3. Have no incoming rules (i.e., no items pointing at it).
VPE fails to render this access policy.
1. Create access policy with macrocall item in one of the branches. 2. Remove the item which refers to this macrocall item from AP As a result, macrocall item remains.
Delete macrocall access policy item manually using tmsh commands.
Any modification of access policy is not allowed if it makes any access policy item non-referenced. At upgrade time, non-referenced access policy items are deleted. All subsequent access policy items are deleted as well. Resulting access policies can be rendered correctly by VPE. Note that only active configuration is corrected, saved configuration file (/config/bigip.conf) contains uncorrected version until any new configuration changes are done. Active configuration can be saved by explicit tmsh command ('tmsh save sys config partitions all").