Bug ID 594547: LTM policy TCP address selector offers only the condition 'match any of'

Last Modified: Sep 24, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 15.0.0, 15.0.1,,,,

Opened: May 19, 2016
Severity: 4-Minor


In the GUI, you can create a condition on a TCP address where a list of specified addresses are considered for a match. But the negated condition (i.e., 'do not match any of') is not available.


Cannot use the GUI to specify conditions in a policy where the TCP address does-not-match a list of specified addresses.


Using the GUI, attempt to create an LTM policy condition that checks for addresses that do not match the specified list.


Use tmsh to create or modify a policy to negate a condition on TCP addresses, for example, in tmsh construct a command similar to the following: modify ltm policy my_policy rules modify { my_rule { conditions replace-all-with { 0 { tcp address not matches values { } } } } }

Fix Information


Behavior Change