Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4
Fixed In:
15.1.0, 12.1.5.1
Opened: May 22, 2019 Severity: 3-Major
Binary policy import fails if the policy contains a user-defined Signature Set which contains only non-existent Signatures (such as user-defined Signatures). The error in the GUI: Failed to insert to PLC.PL_POLICY_NEGSIG_SETS (DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`PLC`.`PL_POLICY_NEGSIG_SETS`, CONSTRAINT `PL_POLICY_NEGSIG_SETS_ibfk_2` FOREIGN KEY (`set_id`) REFERENCES `NEGSIG_SETS` (`set_id`) ON DELETE CASCADE) at /usr/local/share/perl5/F5/BatchInsert.pm line 223. ) The error in /var/log/asm: crit g_server_rpc_handler_async.pl[26870]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Failed to insert to PLC.PL_POLICY_NEGSIG_SETS (DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`PLC`.`PL_POLICY_NEGSIG_SETS`, CONSTRAINT `PL_POLICY_NEGSIG_SETS_ibfk_2` FOREIGN KEY (`set_id`) REFERENCES `NEGSIG_SETS` (`set_id`) ON DELETE CASCADE) at /usr/local/share/perl5/F5/BatchInsert.pm line 223.
Policy import fails.
A binary policy file contains a user-defined Signature Set which contains only signatures that don't exist on the target device (such as user-defined Signatures).
You can use either of the following Workarounds: -- Re-export the policy as XML. -- Create the missing user-defined Signatures.
Binary policy import succeeds even with empty user-defined Signature Sets.