Bug ID 702419: Protocol Inspection needs add-on license to work

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2

Fixed In:
14.0.0, 13.1.0.3

Opened: Jan 17, 2018
Severity: 3-Major

Symptoms

Protocol Inspection does not work.

Impact

Protocol Inspection functions that used to work no longer work.

Conditions

-- AFM is licensed and provisioned through 'Good' or 'Better' license, but no add-on subscription license for Protocol Inspection. Alternately, AFM licensed as an add-on module to another module (typically LTM). -- Protocol Inspection profile configured and applied to a Virtual Server or referenced in a firewall rule in an active firewall policy. -- Upgrade to 13.1.0.3 or later. -- Attempt to use Protocol Inspection functionality.

Workaround

Activate an add-on subscription or obtain an AFM standalone license. Protocol Inspection functionality now requires one of these.

Fix Information

Protocol Inspection now requires an add-on license to work. Note: If you previously had Protocol Inspection configured without an add-on license installed, the features are not applied to traffic until the add-on license is obtained, even though the interface allows you to configure them.

Behavior Change

The Protocol Inspection (PI) Intrusion Detection and Prevention System functionality now requires either an add-on subscription or an AFM standalone license for any of the features to work. A 'Good' or 'Better' license no longer enables the PI features. Note: The Configuration Utility allows you to configure inspection profiles, compliance checks, and signatures, but they are not applied to traffic. There is no feedback that they are not applied. The operations simply fail silently.