Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IQ Network Security (AFM)
Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2
Opened: Dec 04, 2018 Severity: 4-Minor
BIG-IQ does not generate a Warning verification log during deployment of AFM if a SNAT policy is a "Dynamic PAT" type and the source address count and source address translation count are different, or the destination address count and the destination address translation count are different.
BIG-IQ does not generate a warning as it should.
When deploying AFM with a SNAT policy of type Dynamic PAT and either of the following conditions are true: 1. Source address count and source address translation count are different. 2. Destination address count and destination address translation count are different
Make sure the address counts and address translation counts are identical before deploying AFM.
None