Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0, 15.1.2.1, 14.1.4
Opened: Dec 23, 2020 Severity: 3-Major
If the value of the bigdb variable 'vlangroup.forwarding' is set to 'enabled', the DDoS Hybrid Defender UI resets it to 'disabled' when visiting certain pages.
The value of 'vlangroup.forwarding' is reset to 'disable' (which you can check in tmsh). Misconfiguration of vlan.override might lead to loss in traffic
-- DDoS License is used. -- 'vlangroup.forwarding' is enabled. -- Visit one of the following pages: - DoS Setup :: Silverline - DoS Setup :: Global - Network :: High Availability - System :: About
None.
Remove check and reset function on DHD page initialization for the following pages: -- DoS Setup :: Silverline -- DoS Setup :: Global -- Network :: High Availability -- System :: About In the BIG-IP v14.1.0 release, the default value of 'vlangroup.forwarding.override' was 'Enabled'. With this fix, the value is no longer reset to 'Disabled'. Note that this does not impact existing v14.1.0 installations or upgrades, as they will keep the existing 'Disabled' value. In the case of a new installation or an upgrade without installing configuration, the value must be manually set to 'Disabled'.