Bug ID 598981: APM ACL does not get enforced all the time under certain conditions

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF3

Opened: Jun 13, 2016
Severity: 3-Major
Related AskF5 Article:
K06913155

Symptoms

APM ACL does not get enforced all the time under certain conditions

Impact

ACL is not applied for subsequent connections for that TMM. This issue does not consistently reproduce.

Conditions

The following conditions individually increase the chances for this problem to occur: 1. The device is very busy. (Construction of ACL windows is prolonged.) 2. Concentration of connections into one TMM. (e.g., VPN feature.) 3. Small number of TMMs (e.g., BIG-IP low-end platform, Virtual Edition (VE) configurations.) 4. Application starts with a high number of concurrent connections.

Workaround

Mitigation: Administrator can kill the affected session, which forces the user to re-login, and ultimately restarts the ACL construction process.

Fix Information

Switching context when applying ACL is properly processed, and no longer cause ACL to be not enforced.

Behavior Change