BugZero | F5 BugID 663770 - AFM rules are bypassed / ignored when traffic is i...

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

Last updated on July 13th, 2024

BugZero Risk Score
7.1 High

Overall: 7.1

Severity: 7.3

Community: 4.1

Lifecycle: 7.1

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 3-Major
Status: Verified
Impact Category: Advanced Firewall Manager

Description

Symptoms

AFM rules are bypassed / not evaluated on the 'redirected' virtual server when the traffic is internally forwarded to that virtual server. This is a regression from 12.1.x behavior.

Impact

This has the effect of potentially negating firewall protections for the traffic that is being redirected to a different virtual server (application) if that virtual server has an AFM policy enabled on it.

Conditions

Incoming traffic matches a virtual server and then gets internally redirected to another virtual server either via an iRule or a LTM local traffic policy.

Workaround

There is no workaround at this time.

Fix Information

Cause of the regression is fixed and now AFM policy is applied to traffic that is internally redirected to another virtual server (either via iRule or LTM traffic policy).

Change history

2025-03-22 Added: 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Top F5 Defects by Risk Score

No bugs this month

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

Last updated on July 13th, 2024

BugZero Risk Score
7.1 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects by Risk Score

Ready to prevent the next vendor outage?

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

F5 - Defect ID: 663770

AFM rules are bypassed / ignored when traffic is internally forwarded to a redirected virtual server

Last updated on July 13th, 2024

BugZero Risk Score7.1 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects by Risk Score

Ready to prevent the next vendor outage?

BugZero Risk Score
7.1 High