Bug ID 863613: Changes in parent policy-builder settings might need a second deploy to sync child policies

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IQ Web App Security (ASM)(all modules)

Known Affected Versions:
5.2.0, 5.4.0, 5.4.0 HF1, 5.4.0 HF2, 6.0.1, 6.0.1.1, 6.0.1.2, 7.0.0, 7.0.0.1, 7.0.0.2

Opened: Dec 19, 2019
Severity: 3-Major

Symptoms

Changing a parent policy in learning mode, or other learn attributes under policy-builder settings, may not be reflected in child policies after initial deployment to BI-IQ.

Impact

There are differences to the child policy after deployment.

Conditions

On BIG-IP 1. Have a parent policy with disabled learning mode and policy building section that has mandatory inheritance. 2. Have a child policy for the parent from step 1 with wildcard wc/urls. On BIG-IQ: 3. Change parent learning mode to manual 4. Deploy changes 5. Re-deploy

Workaround

Redeploy the policies to synchronized the child policies with the parent policy changes.

Fix Information

None

Behavior Change