Bug ID 921697: Attack signature updates fail to install with Installation Error.

Last Modified: Jul 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 16.0.0,, 16.0.1,,, 16.1.0

Opened: Jun 28, 2020
Severity: 3-Major


Installing a new Attack Signature Update (ASU) file on ASM/AWAF device that has large number of active policies can result in a failure due to memory exceptions. The following errors can be observed: /var/log/ts/asm_config_server.log: F5::ASMConfig::Handler::handle_error,,Code: 406 , Error message = Process size (232341504) has exceeded max size (200000000) /var/log/asm crit perl[19751]: 01310027:2: ASM subsystem error (apply_asm_attack_signatures ,F5::LiveUpdate::PayloadHandler::clean_fail): Fail load update files: TSocket: timed out reading 1024 bytes from n.n.n.n:9781


The attack signature update fails.


1. Adding and activating a large number of policies on a BIG-IP system configured with ASM/AWAF. It is not known exactly how many policies are required to encounter this, but it appears to be between 50 and 90 where this becomes a risk. 2. Installing a new ASU file


Impact of workaround: Performing this workaround requires restarting ASM, so it affects traffic processing briefly; therefore, it is recommended that you perform this during a maintenance window. Increase 'max memory size' from the default ~200 MB (200000000) to 300 MB: 1. Take a backup of the original file. # cp /etc/ts/tools/asm_config_server.cfg /var/tmp/asm_config_server.original.cfg 2. Add the following to the end of file /etc/ts/tools/asm_config_server.cfg: # AsyncMaxMemorySize=314572800 3. Restart ASM. # bigstart restart asm

Fix Information


Behavior Change