Bug ID 842013: ASM Configuration is Lost on License Reactivation

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM, Install/Upgrade, TMOS(all modules)

Known Affected Versions:
15.1.3, 15.1.3.1, 15.1.4

Fixed In:
17.0.0, 16.1.2, 15.1.4.1, 14.1.4.5, 13.1.5

Opened: Oct 22, 2019

Severity: 2-Critical

Symptoms

After re-activating a BIG-IP license, if the configuration fails to load and reverts to a base config load, the ASM policy config contains 'default' or 'stub' policies, even after fixing the error that caused the configuration to fail to load.

Impact

ASM policy configuration is lost and all policies are reverted to empty 'stubs'

Conditions

1) A parsing error exists in the BIG-IP config such that 'tmsh load sys config verify' would fail 2) There is a license reactivation or the configuration is reloaded

Workaround

In the case of license re-activation/before upgrade: Run the command "tmsh load sys config verify" prior to license activation on ASM units to be sure that the config will pass parsing and avoid the fallback to base configuration load. In a case of booting the system into the new version: Option 1: 1. Using the steps in either K4423 or K8465, fix the issue that was preventing the config to load. 2. Reload the config from the fixed UCS file using the command in K13132. Option 2: 1. Roll back to the old version. 2. Fix the issue that was preventing the config to load. 3. Before activating the Boot Location of the new version at System >> Software Management : Boot Locations, make sure to set the option Install Configuration to Yes. see: K64400324 Option 3: If one of the high availability (HA) units successfully upgraded, then use config-sync to push the working config to the failing unit.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips