Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3.6
Opened: Jul 25, 2017 Severity: 3-Major
Inter-system communications fail to connect to a BIG-IP system using the Management IP address.
Device sync operations do not work.
This occurs if the device connection is configured between a Self IP address on one BIG-IP system and the Management IP address on another. This occurs because the big3d daemon acts as a proxy, listening on the Management IP address and will send proper SSL connections (using SNI) to TMM (since TMM does not listen on the Management IP address). This is not an issue if either of the following is true: -- If the source of the connection is coming from the Management IP, the connection is clear text. (Not SSL encrypted and thus does not use SNI) -- The destination of the connection is a Self IP address, because TMM (via an iRule) will handle the connection.
Do not use the Management IP address for between-device communications.
The big3d proxy properly handles SSL SNI connections on the Management IP address.