Bug ID 871457: Cannot enable logging for management firewall with LTM only provisioned

Last Modified: Jan 20, 2023

Affected Product:
BIG-IP AFM(all modules)

Known Affected Versions:
14.1.0, 14.1.2, 14.1.3, 14.1.4, 14.1.5

Opened: Jan 20, 2020
Severity: 3-Major


You cannot enable firewall logging via tmsh or the GUI when only LTM is provisioned. AFM must be licensed and provisioned in order to configure firewall logging with tmsh or the GUI.


You cannot enable firewall logging to help with tracking or to aid in troubleshooting.


-- No AFM Provisioned
-- v14.1.0 or newer.
-- Using firewall rules to protect the management interface.


To view the counters for the F5 rules, run the following command (output is very verbose):

    /sbin/iptables -vL f5acl

To enable logging (output is very verbose), run the following command:

    /sbin/iptables -I f5acl -j LOG --log-prefix "IPTables-Dropped: "

This will then log to /var/log/kern.log. Because -I without a rule number inserts the LOG rule at the top of the chain, and LOG is a non-terminating target, every packet that traverses f5acl is logged with this prefix, not only packets that are later dropped.

To remove this change:

    /sbin/iptables -D f5acl -j LOG --log-prefix "IPTables-Dropped: "
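Since the LOG output is very verbose, the following added example (not F5 code) reduces the entries in /var/log/kern.log that carry the "IPTables-Dropped: " prefix to per-source counts by protocol and destination port. The sample lines, the host name bigip1 and the interface name mgmt are constructed; the parser assumes only the standard netfilter KEY=value layout after the prefix.

```shell
#!/bin/bash
# Added example: summarize kernel LOG lines produced by the temporary f5acl LOG rule.
# Output columns: COUNT SRC PROTO DPT (DPT is "-" when the protocol has no ports).
PREFIX='IPTables-Dropped: '   # must match the --log-prefix given to iptables

summarize_f5acl_log() {
    # $1: file to read, "-" for stdin (default: /var/log/kern.log)
    awk -v prefix="$PREFIX" '
        index($0, prefix) {
            src = ""; proto = ""; dpt = "-"
            # Netfilter LOG output is a run of KEY=value tokens after the prefix.
            n = split(substr($0, index($0, prefix) + length(prefix)), tok, " ")
            for (i = 1; i <= n; i++) {
                # ICMP errors quote the offending packet in [...]; ignore its fields.
                if (tok[i] ~ /^\[/) break
                if (tok[i] ~ /^SRC=/)   src   = substr(tok[i], 5)
                if (tok[i] ~ /^PROTO=/) proto = substr(tok[i], 7)
                if (tok[i] ~ /^DPT=/)   dpt   = substr(tok[i], 5)
            }
            if (src != "" && proto != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "${1:-/var/log/kern.log}" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Jan 20 10:15:01 bigip1 kernel: IPTables-Dropped: IN=mgmt OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 20 10:15:02 bigip1 kernel: IPTables-Dropped: IN=mgmt OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 20 10:15:03 bigip1 kernel: IPTables-Dropped: IN=mgmt OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=3 DF PROTO=TCP SPT=40222 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 20 10:15:04 bigip1 kernel: IPTables-Dropped: IN=mgmt OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jan 20 10:15:05 bigip1 kernel: IPTables-Dropped: IN=mgmt OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=62 ID=9 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.1 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=7 PROTO=UDP SPT=161 DPT=40000 LEN=40 ]
Jan 20 10:15:06 bigip1 kernel: device mgmt entered promiscuous mode
EOF
}

# Demo on the constructed sample: ./script --demo
if [ "${1:-}" = "--demo" ]; then sample_log | summarize_f5acl_log -; fi
```

Called with no argument, summarize_f5acl_log reads /var/log/kern.log; remove the LOG rule once enough entries have been collected.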

Fix Information


Behavior Change