Bug ID 594547: LTM policy TCP address selector offers only the condition 'match any of'

Last Modified: May 01, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4

Opened: May 19, 2016
Severity: 4-Minor

Symptoms

In the GUI, you can create a condition on a TCP address in which a list of specified addresses is considered for a match. However, the negated condition (i.e., 'do not match any of') is not available.

Impact

You cannot use the GUI to specify conditions in a policy where the TCP address does not match a list of specified addresses.

Conditions

Using the GUI, attempt to create an LTM policy condition that checks for addresses that do not match the specified list.

Workaround

Use tmsh to create or modify a policy to negate a condition on TCP addresses. For example, in tmsh, construct a command similar to the following:

    modify ltm policy my_policy rules modify { my_rule { conditions replace-all-with { 0 { tcp address not matches values { 10.10.4.0/0 } } } } }

Fix Information

None

Behavior Change