Bug ID 750353: Manual Device Group Put in Pending State With No Indication

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6

Fixed In:
15.0.0

Opened: Nov 18, 2018
Severity: 5-Cosmetic

Symptoms

When Session Tracking is enabled on devices in a Manual Sync ASM-enabled device group, the device group can be put into 'Pending' state with no indication as to what changed in the system. This is because Audit Log Messages are not written for changes due to Session Tracking.

Impact

It is unclear why the device group is in Pending State and what the impact is if the configuration is pushed to a peer.

Conditions

-- ASM Sync is enabled on a Manual Sync Device Group. -- Session Tracking is enabled on an ASM Security Policy.

Workaround

None.

Fix Information

When in a high availability (HA) environment, changes to Session Tracking are now written to the Audit log as batched events, similar to the following example: x Sessions were set to 'Block All'

Behavior Change