Bug ID 691830: BIG-IQ no longer accept an MD5 Signature Passphrase value for the TCP base profile

Last Modified: Mar 31, 2018

Bug Tracker

Affected Product:  See more info
BIG-IQ Configuration - Local Traffic(all modules)

Fixed In:
5.4.0

Opened: Oct 31, 2017
Severity: 4-Minor

Symptoms

BIG-IQ requires re-entry for passwords, and other secure properties, to preserve their values on older BIG-IP 11.x.x devices. The base TCP profile became read-only in BIG-IP release 13.0.0. F5 guidance is to now discontinue the use of this profile. Consequently, it will no longer be possible to re-enter the MD5 Signature Passphrase value for the TCP base profile on BIG-IQ.

Impact

This condition will affect all usage of the base TCP profile when the base TCP profile contains a value for the MD5 Signature Passphrase property.

Conditions

The base TCP profile became read-only in BIG-IP release 13.0.0. BIG-IQ can no longer deploy changes to this profile to BIG-IP versions 13.0.0 and greater. Since BIG-IQ must manage environments that contain multiple BIG-IP versions, a decision was reached to make the BIG-IQ instance of base TCP profile read-only.

Workaround

If you are using the base TCP profile, we strongly encourage you to replace it immediately, perhaps with a custom profile that defaults from the 'tcp-legacy' TCP profile. If you are using the base TCP profile, and it has an MD5 Signature Passphrase value, then you must replace the base profile with a custom profile in order to re-enter a value for the MD5 Signature Passphrase property and deploy successfully.

Fix Information

To be consistent with BIG-IP guidance, the base TCP profile is now read-only on BIG-IQ.

Behavior Change