Bug ID 697516: Upgrading using a ucs or scf file does not autogenerate uuids when current config has the uuid-default-autogenerate flag enabled

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8

Fixed In:
13.1.1

Opened: Dec 05, 2017
Severity: 3-Major

Symptoms

Upgrading using a UCS or SCF file does not autogenerate uuids when the current config has the uuid-default-autogenerate flag enabled. This might cause issues when upgrading from older versions where uuids need to be quickly generated for existing firewall policies, rule lists, and management rules.

Impact

Requires manually configuration of uuids for rules that come in from the older config.

Conditions

Upgrading from an older version with an existing security policy which has no uuids configured.

Workaround

Generate uuids for all policies, rule-lists, and management rules using the following three tmsh commands: -- tmsh modify sec fire policy all rules modify { all { uuid auto-generate}} -- tmsh modify sec fire rule-list all rules modify { all { uuid auto-generate}} -- tmsh modify sec fire management-ip-rules rules modify { all { uuid auto-generate}} Optionally, to ensure rules created in the future have uuids autogenerated issue the following tmsh command: -- tmsh modify sec firewall uuid-default-autogenerate mode enabled

Fix Information

No fix provided, Current behavior causes the uuid-default-autogenerate flag to be overwritten to disabled by the ucs load process. Workaround has been provided to mitigate against this behavior.

Behavior Change