Last Modified: Apr 10, 2019
See more info
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: May 09, 2017
Related AskF5 Article: K04025134
AFM rules are bypassed / not evaluated on the 'redirected' virtual server when the traffic is internally forwarded to that virtual server. This is a regression from 12.1.x behavior.
This has the effect of potentially negating firewall protections for the traffic that is being redirected to a different virtual server (application) if that virtual server has an AFM policy enabled on it.
Incoming traffic matches a virtual server and then gets internally redirected to another virtual server either via an iRule or a LTM local traffic policy.
There is no workaround at this time.
Cause of the regression is fixed and now AFM policy is applied to traffic that is internally redirected to another virtual server (either via iRule or LTM traffic policy).