Bug ID 629801: Access policy is applied automatically on target device after policy sync, when there is also a FODG in the trust domain.

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Nov 22, 2016
Severity: 3-Major
Related Article:
K01174447

Symptoms

After an access policy is synced, the other device should prompt you to apply the policy change, but instead it applies the policy automatically.

Impact

Policy changes are automatically applied, when they should only be synced with a prompt to apply after the sync.

Conditions

Two or more devices are configured in a trust group, where one device group is a failover device group and one device group is a sync-only device group with automatic sync enabled. A key condition that triggers this symptom is that the failover device group is listed first in the configuration. When this occurs, the policy is applied automatically, which should not happen.

Workaround

None.

Fix Information

After syncing an access policy, the access policy change on the other device in the trust group now prompts you to apply the policy, which is correct behavior.

Behavior Change