Bug ID 663770: AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

Last Modified: Jan 14, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: May 09, 2017
Severity: 3-Major
Related AskF5 Article:


AFM rules are bypassed / not evaluated on the 'redirected' virtual server when the traffic is internally forwarded to that virtual server. This is a regression from 12.1.x behavior.


This has the effect of potentially negating firewall protections for the traffic that is being redirected to a different virtual server (application) if that virtual server has an AFM policy enabled on it.


Incoming traffic matches a virtual server and then gets internally redirected to another virtual server either via an iRule or a LTM local traffic policy.


There is no workaround at this time.

Fix Information

Cause of the regression is fixed and now AFM policy is applied to traffic that is internally redirected to another virtual server (either via iRule or LTM traffic policy).

Behavior Change