Bug ID 749761: AFM Policy with Send to Virtual and TMM crash in a specific scenario

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4

Opened: Nov 14, 2018
Severity: 3-Major

Symptoms

TMM restart in a specific scenario when AFM Policy is configured in multiple contexts (Global, Route Domain, Virtual Server), with Log Translations enabled, and Send-To-VS feature configured in at least one of the rules in the Security Policy.

Impact

TMM restart causes service disruption. Traffic disrupted while tmm restarts.

Conditions

-- When using Firewall ACL Policy in more than one context, i.e., more than one of the following context has ACL Security Policy applied: + Global Context + Route Domain + Virtual Server Context -- Send To Virtual Server is configured on any Rule on the Security policy. -- Traffic matching a Rule (with logging enabled) in more than one context. -- AFM Security Logging Profile has log Translation Field Enabled.

Workaround

Disable Logging of Translation Fields in Security Logging Profile.

Fix Information

None

Behavior Change