Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IQ Config Mgmt Infrastructure
Known Affected Versions:
7.0.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9, 8.0.0, 8.0.0.1
Opened: Nov 21, 2020 Severity: 3-Major
When deploying a virtual server to a BIG-IP that the virtual server has not been created, you get an error: Values (/Common/secure_ciphers) specified for ClientSSL Profile (/Common/clientssl-tls13): foreign key index (cipher_group_FK) do not point at an item that exists in the database.
If custom Cipher Groups have been created on one BIG-IP, and are referenced by SSL Profiles on that BIG-IP, BIG-IQ is not able to deploy those SSL Profiles to another BIG-IP. This also applies to other objects that reference those SSL Profiles, such as Virtual Servers.
-- One or more Client-SSL Profiles or Server-SSL Profiles reference a custom Cipher Group. -- Virtual server is imported to BIG-IQ, then deployed to a different BIG-IP
Create the same custom Cipher Groups directly on each BIG-IP of interest. Once they are present, BIG-IQ will be able to deploy the affected SSL Profiles to the BIG-IP, along with other objects that reference those SSL Profiles, such as Virtual Servers.
None