Bug ID 710262: Firewall is not updated when adding new rules

Last Modified: Sep 06, 2019

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1

Fixed In:
14.1.0, 13.1.1.5

Opened: Mar 14, 2018
Severity: 3-Major

Symptoms

When new rules are added to existing firewall policies, the firewall may not be updated, so the new rules are not used in traffic processing. If on-demand-compilation mode is enabled, the firewall may remain in the quiescent state instead of moving to the compilation-pending state after rules are added.

Impact

The firewall is not updated and new rules do not affect data traffic. If on-demand-compilation mode is enabled, the firewall remains in the quiescent state instead of going to the compilation-pending state after rules are added.

Conditions

-- Firewall rules are added into existing firewall policies.
-- No rules are deleted or modified.

Workaround

Make additional changes to firewall rules in order to start a firewall update, for example:
-- Add a placeholder rule, and then delete it.
-- Modify a rule (e.g. by adding an IP address), and then revert the modification by removing that IP address.

Fix Information

When new rules are added, the firewall is now always updated. If on-demand-compilation mode is enabled, the firewall goes to the compilation-pending state after rules are added.
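
As an added example (not F5's code), the following shell check classifies a running version against the Known Affected Versions and Fixed In lists on this page. The `tmsh show sys version` output in the sample is constructed, and treating every release at or after a Fixed In version as fixed is an assumption.

```shell
#!/bin/sh
# Added example, not F5 code: classify a BIG-IP version against Bug ID 710262.

# Known Affected Versions, copied from this page.
AFFECTED="13.1.0 13.1.0.1 13.1.0.2 13.1.0.3 13.1.0.4 13.1.0.5 13.1.0.6 13.1.0.7
13.1.0.8 13.1.1 13.1.1.1 13.1.1.2 13.1.1.3 13.1.1.4 14.0.0 14.0.0.1 14.0.0.2
14.0.0.3 14.0.0.4 14.0.0.5 14.0.1"

# Constructed sample of `tmsh show sys version` output (layout is an assumption).
SAMPLE='Sys::Version
Main Package
  Product     BIG-IP
  Version     13.1.1.4
  Build       0.0.4'

# Print the Version field from `tmsh show sys version` output read on stdin.
version_from_tmsh() {
    awk '$1 == "Version" { print $2; exit }'
}

# Succeed when dotted version $1 >= $2; missing fields count as 0.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print affected, fixed, or not-listed for the version in $1.
bug_710262_status() {
    for _a in $AFFECTED; do
        [ "$1" = "$_a" ] && { echo affected; return 0; }
    done
    # Assumption: releases at or after a Fixed In version carry the fix.
    case $1 in
        13.1.*) _fix=13.1.1.5 ;;   # Fixed In release for the 13.1.x branch
        *)      _fix=14.1.0 ;;     # Fixed In release for 14.x
    esac
    if ver_ge "$1" "$_fix"; then echo fixed; else echo not-listed; fi
}

_v=$(printf '%s\n' "$SAMPLE" | version_from_tmsh)
echo "BIG-IP $_v: $(bug_710262_status "$_v")"
```

On a device, pipe `tmsh show sys version` into `version_from_tmsh` instead of using the sample. A result of `affected` means newly added rules may not be enforced until the workaround is applied or the device is upgraded.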

Behavior Change