Bug ID 598981: APM ACL does not get enforced all the time under certain conditions

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1

Fixed In:
13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF3

Opened: Jun 13, 2016

Severity: 3-Major

Related Article: K06913155

Symptoms

APM ACL does not get enforced all the time under certain conditions

Impact

ACL is not applied for subsequent connections for that TMM. This issue does not consistently reproduce.

Conditions

The following conditions individually increase the chances for this problem to occur: 1. The device is very busy. (Construction of ACL windows is prolonged.) 2. Concentration of connections into one TMM. (e.g., VPN feature.) 3. Small number of TMMs (e.g., BIG-IP low-end platform, Virtual Edition (VE) configurations.) 4. Application starts with a high number of concurrent connections.

Workaround

Mitigation: Administrator can kill the affected session, which forces the user to re-login, and ultimately restarts the ACL construction process.

Fix Information

Switching context when applying ACL is properly processed, and no longer cause ACL to be not enforced.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips