Last Modified: Apr 29, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4
Opened: Dec 19, 2017 Severity: 4-Minor
When a firewall rule policy name is longer than 63 characters, the retrieved SNMP entry value of the policy name will contains some prefix of the policy name followed by some random characters representing a hash value. The hash is done to limit the length of the policy name to be able to fit into SNMP packets.
The policy name retrieved from SNMP doffers from the name configured by the user, causing confusion when the user tries to correlate SNMP data with the configuration.
1. Configure AFM Policy with a long name and attach it to Global Context. 2. Perform SNMP walk for ltmFwRuleStat. 3. SNMP output shows unexpected AFM Policy Name For example, specifying 'Enforced-Policy-Global-IPv4-IPv6-Part1' results in 'Enforced-Policy-Global-IPv4-I4e2b9a53'.
There is no workaround other than limiting the policy name to a string that is shorter than 63 characters.
None