Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4
Fixed In:
13.1.1
Opened: Dec 05, 2017 Severity: 3-Major
Upgrading using a UCS or SCF file does not autogenerate uuids when the current config has the uuid-default-autogenerate flag enabled. This might cause issues when upgrading from older versions where uuids need to be quickly generated for existing firewall policies, rule lists, and management rules.
Requires manually configuration of uuids for rules that come in from the older config.
Upgrading from an older version with an existing security policy which has no uuids configured.
Generate uuids for all policies, rule-lists, and management rules using the following three tmsh commands: -- tmsh modify sec fire policy all rules modify { all { uuid auto-generate}} -- tmsh modify sec fire rule-list all rules modify { all { uuid auto-generate}} -- tmsh modify sec fire management-ip-rules rules modify { all { uuid auto-generate}} Optionally, to ensure rules created in the future have uuids autogenerated issue the following tmsh command: -- tmsh modify sec firewall uuid-default-autogenerate mode enabled
No fix provided, Current behavior causes the uuid-default-autogenerate flag to be overwritten to disabled by the ucs load process. Workaround has been provided to mitigate against this behavior.