Last Modified: Jul 12, 2023
BIG-IP ASM, Install/Upgrade, TMOS
Known Affected Versions:
14.1.0, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 14.1.2, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 15.0.0, 15.0.1, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 15.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
16.0.0, 15.1.1, 188.8.131.52
Opened: Dec 22, 2019 Severity: 1-Blocking Related Article:
Related Article: K48234609
ASM policies may not load immediately after upgrade due to SELinux policies issues relating to the upgrade process.
Traffic is not processed properly after upgrade due to failure to load ASM policies.
1. ASM is provisioned. 2. One or more ASM Security Policies is attached to one or more virtual servers. 3. Upgrade from v12.x or v13.x to v14.x or later.
You can use either of the following workarounds. -- Remove ASM Policies while upgrading: 1. Prior to upgrade, remove all ASM Security Policies from all virtual servers. 2. Upgrade. 3. Reassociate each ASM Security Policy with its original virtual server. -- Restore the UCS on a new boot location after upgrade: 1. Prior to upgrade, create a UCS. 2. Upgrade or create a new instance of the software version at the target location. 3. Restore the UCS at the new location.
ASM policies now load as expected after upgrading to 14.x or later from a previous major version.