Bug ID 710262: Firewall is not updated when adding new rules

Last Modified: Mar 08, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
14.1.0

Opened: Mar 14, 2018
Severity: 3-Major

Symptoms

When adding new rules into existing firewall policies, firewall may be not updated and so new rules are not used in traffic processing. If on-demand-compilation mode is enabled, firewall may remain in quiescent state instead of compilation-pending state after adding rules.

Impact

Firewall is not updated and new rules do not affect data traffic. If on-demand-compilation mode is enabled, firewall remain in quiescent state instead of going to compilation-pending state after adding rules.

Conditions

Firewall rules added into existing firewall policies, no rules are deleted or modified.

Workaround

Make additional changes to firewall rules in order to start firewall update. For example: - add a fake rule and delete it - or modify a rule, e.g. by adding an IP, and then revert modification by removing that IP.

Fix Information

When adding new rules, firewall is always updated. If on-demand-compilation mode is enabled, firewall is going to compilation-pending state after adding rules.

Behavior Change