Last Modified: Nov 14, 2022
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1
Fixed In:
13.0.0, 12.1.3.2
Opened: Jul 20, 2016
Severity: 3-Major
Exporting a security policy from one device with specific learning and blocking settings selected, and then imports it to another device, the security policy does not load the expected learning and blocking settings on the target device, and is a mismatch from what is on the source device.
The loaded policy on device B does not have all the options checked for HTTP protocol compliance failed for all the sub-violations as expected. When exporting the policy from device B, the name of the exported file does not change to match device B's name, but still remains as device A's name.
On device A: Security :: Application Security : Policy Building : Learning and Blocking Settings • Select 'Enable' and 'Learn' under HTTP protocol compliance failed for all the sub-violations. • Save and export the policy in XML format. • Import to device B.
For exporting a policy that has Policy Builder enabled, use either of the methods below: -- Use XML export: + On export: - Stop policy builder. - Export to XML policy. - Start policy builder. + On import: - Import the XML policy. - Start the policy builder on the newly imported policy. 2) Use binary export/import.
This release fixes the XML Policy export/import processes so that there are no differences created in the 'HTTP protocol compliance' learning settings
