Bug ID 753893: Inconsistent validation for firewall address-list's nested address-list causes load failure

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,

Fixed In:

Opened: Dec 21, 2018

Severity: 3-Major


Inconsistent validation for firewall address-list's nested address-lists causes load failure. The operation validates 'addresses' in the address-list but misses the case of modifying the address-list nested in the address-list. The system posts a message similar to the following: 01071a5a:3: Cannot configure mix of IPv4 and IPv6 address(es) in this object. Unexpected Error: Loading configuration process failed.


Missing validation for nested address-list modification allows an invalid configuration to be specified and saved into bigip*.conf, which causes load failure. Note: This might cause upgrade from v12.1.x to fail when the configuration contains a mix of IPv4 and IPv6 within an address-list.


-- Modify an address-list's address-lists to contain mixed IPv4 and IPv6 addresses. -- Save the configuration. -- Load the configuration.


Edit the bigip*.conf file to remove the mix of IPv4 and IPv6 addresses in the nested address-lists.

Fix Information

This release contains validation to nested address-lists to check for overlapping IP addresses in the same address family.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips