Last Modified: Sep 13, 2023
BIG-IP ASM, Install/Upgrade, TMOS
Known Affected Versions:
15.1.3, 18.104.22.168, 15.1.4
17.0.0, 16.1.2, 22.214.171.124, 126.96.36.199, 13.1.5
Opened: Oct 22, 2019 Severity: 2-Critical
After re-activating a BIG-IP license, if the configuration fails to load and reverts to a base config load, the ASM policy config contains 'default' or 'stub' policies, even after fixing the error that caused the configuration to fail to load.
ASM policy configuration is lost and all policies are reverted to empty 'stubs'
1) A parsing error exists in the BIG-IP config such that 'tmsh load sys config verify' would fail 2) There is a license reactivation or the configuration is reloaded
In the case of license re-activation/before upgrade: Run the command "tmsh load sys config verify" prior to license activation on ASM units to be sure that the config will pass parsing and avoid the fallback to base configuration load. In a case of booting the system into the new version: Option 1: 1. Using the steps in either K4423 or K8465, fix the issue that was preventing the config to load. 2. Reload the config from the fixed UCS file using the command in K13132. Option 2: 1. Roll back to the old version. 2. Fix the issue that was preventing the config to load. 3. Before activating the Boot Location of the new version at System >> Software Management : Boot Locations, make sure to set the option Install Configuration to Yes. see: K64400324 Option 3: If one of the high availability (HA) units successfully upgraded, then use config-sync to push the working config to the failing unit.