Bug ID 970041: Deploying tunnel objects to BIG-IP devices using a Tunnel Profile

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ ADC(all modules)

Known Affected Versions:,,, 7.1.6,, 7.1.7,,, 7.1.8,,,,,, 7.1.9,,,, 8.0.0,

Opened: Dec 05, 2020

Severity: 3-Major


If you attempt to deploy a tunnel object to a managed BIG-IP device using a Tunnel Profile, deployment fails with an error similar to the following: "profile" is a required property and may not be set to "none" or an empty value'


You cannot deploy the tunnel object to the BIG-IP device(s).


This happens in either of the following cases: *) An imported Tunnel object has been modified on BIG-IQ. *) The tunnel object hasn't been modified, but one or more imported Tunnel objects has ended up with an incorrect "ifIndex" value on BIG-IQ.


You can try to resolve the issue by performing one of the following options. Option 1) 1. From BIG-IQ, rediscover and re-import the device, selecting the "Use BIG-IP" to clear any changes from tunnel objects on BIG-IQ. 2. Create a new Evaluation / Deployment and redeploy to the BIG-IP device. Option 2) If option 1 does is not successful, manually copy the current BIG-IP configuration into the working configuration by logging into BIG-IQ through SSH and performing the following steps: 1. Write all tunnel objects to a file by typing the following commands: # restcurl /cm/adc-core/working-config/net/tunnels/tunnel | jq .items[] -c > /var/tmp/wc # restcurl /cm/adc-core/current-config/net/tunnels/tunnel | jq .items[] -c > /var/tmp/cc 2. Perform a diff on the content for ifIndex by typing the following commands: # cat /var/tmp/cc | jq .id -r | sort | while read uuid ; do grep $uuid /var/tmp/cc | jq .ifIndex > /var/tmp/mycc ; grep $uuid /var/tmp/wc | jq .ifIndex > /var/tmp/mywc ; diff /var/tmp/mywc /var/tmp/mycc >/dev/null ; if [ $? -eq "1" ] ; then echo $uuid ; fi ; done > /var/tmp/diffout 3. Verify that the diffout contains UID only, and test one of them to check the difference by typing commands similar to the following: # test=$(head -n1 /var/tmp/diffout) ; grep $test /var/tmp/cc | jq .ifIndex 384 # test=$(head -n1 /var/tmp/diffout) ; grep $test /var/tmp/wc | jq .ifIndex 400 4. Create the Tunnel.sh script fix by typing the following: TUNNELID=$1 restcurl "/cm/adc-core/current-config/net/tunnels/tunnel/$TUNNELID" | sed -e 's/current/working/g' | jq 'del(.generation,.lastUpdateMicros)' > workfinal curl "localhost:8100/cm/adc-core/working-config/net/tunnels/tunnel/$TUNNELID" -X PUT -d @workfinal | jq 5. Provide execution permissions to fixTunnel.sh by typing the following: # chmod +x fixTunnel.sh 6. Use the fixTunnel.sh script to correct the ifIndex by typing the following: # cat /var/tmp/diffout | while read UUID ; do echo $UUID ; ./fixtunnel.sh $UUID ; done

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips