Bug ID 906853: Import of SSM module on BIG-IQ can fail with error

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Network Security (AFM)(all modules)

Known Affected Versions:
7.1.0,,,, 7.1.6,, 7.1.7,,, 7.1.8,,,,,, 7.1.9,,,, 8.0.0,

Opened: May 06, 2020

Severity: 3-Major


The following error occurs when importing a BIG-IP SSM module onto a BIG-IQ system: "Failed to copy configuration to working-config; reason: Failed copying from source subcollections to target subcollections: %s: java.lang.IllegalArgumentException: The dynamic signature mitigation (manual-multiplier) must be [none, low, medium, high]."


You will not be able to import BIG-IP on BIG-IQ


This occurs when you are using DoS protection features and have set "Mitigation mode" to "Manual multiplier" under Security :: DoS Protection : Device Protection : Network Properties


To unblock import, modify the config files on BIG-IQ as follows: 1. Launch TMSH console on BIG-IQ and identify relevant .json files which contain the impacted property $grep "dynamicSignaturesMitigationValues" /var/config/rest/security/dos/* 2. Identify the files for the highest BIG-IP version supported by BIG-IQ. This is because these settings are not loaded from the json corresponding to the version of BIG-IP you are attempting to import. For example if step 1 reports *-16.1.x.json files as the highest version, then use those for the subsequent steps 3. Edit each file and add the entry "manual-multiplier" under property dynamicSignaturesMitigationValues as follows: "dynamicSignaturesMitigationValues": [ "none", "low", "medium", "high", "manual-multiplier" <================= ], 4. Restart restjavad service $bigstart restart restjavad 5. Re-import BIG-IP on BIG-IQ

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips