Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: Jul 15, 2018 Severity: 3-Major
Policy learning takes longer than previous versions when there are thousands of policies.
It takes longer for the system learn all the policies.
-- Specific load over thousands of policies. -- Automatic policy building. -- Requests do not have violations.
To work around this, set the following variable to 100: pb_sampling_high_cpu_load Note: The default is 10, which gets 10 sampled requests. Setting the value to 100 impacts performance. (Note: The parameter name is misleading, as the variable does not relate to CPU load.)
Issue is mitigated in this release. The policies get learned slower in 14.0.x and later, on systems with a high load of legal traffic and many policies. What took an hour to learn in previous versions might take several hours. You can use the internal parameter, pb_sampling_high_cpu_load, to adjust this. (Note: The parameter name is misleading, as the variable does not relate to CPU load.)