Last Modified: Feb 13, 2019
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
13.0.0, 12.1.2, 11.6.1 HF2
Opened: Mar 23, 2016
Related AskF5 Article: K16273300
It is possible to create macrocall access policy item that: 1. Belongs to policy items list. 2. Correctly connected to ending. 3. Have no incoming rules (i.e., no items pointing at it).
VPE fails to render this access policy.
1. Create access policy with macrocall item in one of the branches. 2. Remove the item which refers to this macrocall item from AP As a result, macrocall item remains.
Delete macrocall access policy item manually using tmsh commands.
Any modification of access policy is not allowed if it makes any access policy item non-referenced. At upgrade time, non-referenced access policy items are deleted. All subsequent access policy items are deleted as well. Resulting access policies can be rendered correctly by VPE. Note that only active configuration is corrected, saved configuration file (/config/bigip.conf) contains uncorrected version until any new configuration changes are done. Active configuration can be saved by explicit tmsh command ('tmsh save sys config partitions all").