Bug ID 694922: ASM Auto-Sync Device Group Does Not Sync

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.5, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3

Fixed In:
14.0.0, 13.1.0.4, 12.1.3.2, 11.6.3.2, 11.5.6

Opened: Nov 16, 2017

Severity: 3-Major

Symptoms

In rare circumstances a device may enter an untrusted state and confuse the device group.

Impact

ASM configuration is not correctly synchronized between devices

Conditions

1) ASM sync is enabled on an autosync device group 2) A new ASM entity is created on a device

Workaround

1) Remove ASM sync from the device group (Under Security ›› Options : Application Security : Synchronization : Application Security Synchronization) 2) Restart asm_config_server.pl on both devices and wait until they come back up 3) Change the device group to a manual sync group 4) On the device with the good configuration re-enable ASM sync for the device group 5) Make a spurious ASM change, and push the configuration. 6) Change the sync type back to automatic

Fix Information

Devices no longer spuriously enter an untrusted state

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips