Bug ID 801581: L7 Security Dashboard and Application Dashboard do not display enforcement mode updates to AS3 applications

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Applications (all modules)

Known Affected Versions:
7.0.0, 7.0.0.1, 7.0.0.2, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9

Opened: Jul 02, 2019

Severity: 4-Minor

Symptoms

An incorrect enforcement mode is displayed in BIG-IQ's dashboards for an AS3 application's Web Application Security services when a user changes the enforcement mode. To get the correct protection mode displayed on the L7 Security dashboard, you must discover and import the ASM service to BIG-IP before and after you update an AS3 Web Application Security policy (WAF) and deploy it to a BIG-IP device.

Impact

The protection mode in the Applications (Applications > APPLICATIONS) and L7 Security Dashboard (Monitoring > DASHBOARDS > L7 Security) might not be correct.

Conditions

WAF protection is deployed with an AS3 application using an ASM policy referenced in the following declaration:

"policyWAF": { "bigip": "/Common/asm-policy-name" }

This does not apply to AS3 applications referencing the ASM policy in a URL.
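A triage check for the condition above, added here as an example (not F5's code): it walks an AS3 declaration and lists every object whose policyWAF uses a "bigip" pointer, the form this bug affects. The sample declaration is constructed and trimmed to the relevant properties, and the function name find_bigip_waf_refs is hypothetical.

```python
import json

# Constructed, trimmed sample declaration (not from the page). The first service
# points at an ASM policy already on the BIG-IP; the second uses a URL-based policy.
SAMPLE_DECLARATION = json.loads("""
{
  "class": "ADC",
  "tenantA": {
    "class": "Tenant",
    "appBigipRef": {
      "class": "Application",
      "serviceMain": {"class": "Service_HTTP",
                      "policyWAF": {"bigip": "/Common/asm-policy-name"}}
    },
    "appUrlRef": {
      "class": "Application",
      "serviceMain": {"class": "Service_HTTP", "policyWAF": {"use": "wafFromUrl"}},
      "wafFromUrl": {"class": "WAF_Policy", "url": "https://example.invalid/policy.xml"}
    }
  }
}
""")


def find_bigip_waf_refs(node, path=""):
    """Return (path, policy) for every object whose policyWAF uses a "bigip" pointer."""
    hits = []
    if isinstance(node, dict):
        waf = node.get("policyWAF")
        if isinstance(waf, dict) and isinstance(waf.get("bigip"), str):
            hits.append((path or "/", waf["bigip"]))
        for key, value in node.items():
            hits.extend(find_bigip_waf_refs(value, f"{path}/{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_bigip_waf_refs(value, f"{path}/{i}"))
    return hits


if __name__ == "__main__":
    for where, policy in find_bigip_waf_refs(SAMPLE_DECLARATION):
        print(f"{where}: policyWAF -> {policy} (dashboard enforcement mode may be stale)")
```

Services it reports are the ones whose enforcement mode should be verified on the BIG-IP itself, or refreshed with the workaround, before the dashboard value is trusted.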

Workaround

If you have made changes to an AS3 application's enforcement mode and do not see your deployed changes reflected in BIG-IQ, use one of the following workflows:

If user roles of security manager or admin were used to make enforcement mode changes:
1. Log in as the security manager user role to the BIG-IQ system.
2. Discover and import the BIG-IP device that hosts the ASM policy and AS3 WAF application.

To manually redeploy the AS3 application and trigger an update:
1. Go to Applications > APPLICATIONS and select the application and then the affected AS3 application service.
2. Select the Properties icon from the map at the center of the screen.
3. Select the Configuration tab at the center of the screen.
4. Enter a value in the description field.
5. Click Save.

Once saved, the AS3 application is refreshed and information about the enforcement mode should display as expected.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips