Bug ID 759360: Apply Policy fails due to policy corruption from previously enforced signature

Last Modified: Sep 16, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5

Fixed In:
15.0.0, 14.1.0.6, 13.1.1.5

Opened: Feb 22, 2019
Severity: 2-Critical

Symptoms

Apply Policy fails due to policy corruption in PLC database from a previously enforced signature.

Impact

Apply policy fails.

Conditions

1. Export a policy containing a signature with an enforced rule. 2. Update ASM Signatures (ASU). 3. Import that previously exported policy. 4. Apply the newly imported policy.

Workaround

As a workaround, run the following SQL, and then apply the policy: ---------------------------------------------------------------------- UPDATE PLC.PL_POLICY_NEGSIG_SIGNATURES SET previous_enforced_rule_md5 = '' WHERE previous_enforced_rule = '' and previous_enforced_rule_md5 != '' ----------------------------------------------------------------------

Fix Information

None

Behavior Change