Bug ID 592819: Enabling of whitelists on a protected object requires disabling DoS protection support in hardware

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
iApps TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: May 12, 2016
Severity: 3-Major

Symptoms

On certain platforms, DDoS protection support in hardware prevents configuration of a whitelist for a protected object.

Impact

Cannot configure whitelist on a protected object.

Conditions

-- Configuration of a whitelist on a protected object. -- Hardware acceleration is configured on 5xxx/7xxx/10xxx/12xxx appliances, and all blades other than B2250/B4450.

Workaround

Disable hardware support for DDoS protection from the command line using the following command: modify sys db dos.forceswdos value true. Note: Disabling DDoS hardware support might impact the performance of the device because then, all DDoS protection mechanisms are managed in software.

Fix Information

None

Behavior Change