Bug ID 617620

Bug Tracker
ID 617620

Bug ID 617620: Firewall rule with Multicast/Link Local IPv6 addresses netmask bigger than 32 will not work

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Fixed In:
13.0.0

Opened: Sep 19, 2016

Severity: 3-Major

Symptoms

For AFM firewall rule with IPV6 source or destination addresses matching multicast or link local pattern, if the netmask is set to greater than 32, the rule will not match.

Impact

The firewall rule will not be applied if there's traffic matching the rule.

Conditions

IPV6 source or destination addresses matching patterns: FF02:xxxx:: FE08:xxxx::

Workaround

N/A

Fix Information

Fixed an issue with AFM firewall rule netmasks

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips