Last Modified: Oct 17, 2023
Affected Product(s): BIG-IP APM
Known Affected Versions: 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1
Fixed In: 13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF3
Opened: Jun 13, 2016
Severity: 3-Major
Related Article: K06913155
APM ACL does not get enforced all the time under certain conditions
ACL is not applied for subsequent connections for that TMM. This issue does not consistently reproduce.
The following conditions individually increase the chances for this problem to occur:
1. The device is very busy. (Construction of ACL windows is prolonged.)
2. Concentration of connections into one TMM (e.g., VPN feature).
3. Small number of TMMs (e.g., BIG-IP low-end platform, Virtual Edition (VE) configurations).
4. Application starts with a high number of concurrent connections.
Mitigation: An administrator can kill the affected session, which forces the user to log in again and ultimately restarts the ACL construction process.
Context switching when applying the ACL is now processed properly and no longer causes the ACL to go unenforced.