Bug ID 699495: SNMP ltmFwRuleStat provides incorrect AFM Policy Name after a certain length

Last Modified: Sep 06, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 15.0.0, 15.0.1

Opened: Dec 19, 2017
Severity: 4-Minor

Symptoms

When a firewall rule policy name is longer than 63 characters, the retrieved SNMP entry value of the policy name will contains some prefix of the policy name followed by some random characters representing a hash value. The hash is done to limit the length of the policy name to be able to fit into SNMP packets.

Impact

The policy name retrieved from SNMP doffers from the name configured by the user, causing confusion when the user tries to correlate SNMP data with the configuration.

Conditions

1. Configure AFM Policy with a long name and attach it to Global Context. 2. Perform SNMP walk for ltmFwRuleStat. 3. SNMP output shows unexpected AFM Policy Name For example, specifying 'Enforced-Policy-Global-IPv4-IPv6-Part1' results in 'Enforced-Policy-Global-IPv4-I4e2b9a53'.

Workaround

There is no workaround other than limiting the policy name to a string that is shorter than 63 characters.

Fix Information

None

Behavior Change