Bug ID 842385: Customized formerly inherited settings of a Child policy may not be deployed to a BIG-IP

Last Modified: May 05, 2020

Bug Tracker

Affected Product:  See more info
BIG-IQ Web App Security (ASM)(all modules)

Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2, 6.0.0, 6.0.1, 6.0.1.1, 6.1.0, 7.0.0, 7.0.0.1

Opened: Oct 23, 2019
Severity: 3-Major

Symptoms

Settings which had been inherited from a parent policy previously by a child policy but are now customized in the child policy may not be evaluated and consequently deployed to a target BIG-IP.

Impact

The change of the inheritance setting from Accept to Decline is properly evaluated and deployed to the target(s); however, all changed formerly inherited settings are neither evaluated nor deployed.

Conditions

1. Child policy set to Inheritance: Accept 2. Inheritance: Accept is changed to Inheritance: Decline 3. Formerly inherited setting(s) are changed 4. Attempt to Deploy modified Child policy to BIG-IP(s)

Workaround

After performing the initial evaluate and deploy which deploys the change of inheritance from Accept to Decline, a second evaluate and deploy of the child policy is needed to successfully deploy the changed, formerly inherited, settings as well.

Fix Information

None

Behavior Change