Bug ID 737500: Apply Policy and Upgrade time degradation when there are previous enforced rules

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 14.0.0.5, 13.1.1.2

Opened: Jul 19, 2018

Severity: 3-Major

Symptoms

When there are previously enforced rules present in the system, the time to apply changes made to a policy, and the time to upgrade the configuration to a new version suffers.

Impact

The time to apply changes made to a policy, and the time to upgrade the configuration to a new version, suffers from a inefficiently performing query related to the existence of previously enforced rules.

Conditions

-- Signature Staging is enabled. -- Updated Signature Enforcement is set to 'Retain previous rule enforcement and place updated rule in staging'. -- Signatures are enforced on a policy. -- A new ASM Signature Update is installed, which modifies the matching rule for some enforced signatures.

Workaround

There is no workaround at this time.

Fix Information

Query indexing and performance is fixed: Apply Policy executes in the same time whether there are previously enforced rules in the system or not. Enforcing all signatures in a set now correctly removes the previously enforced rule from the signature.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips