More than two AFM rule lists causes error message and unable to delete or deploy any further declarations #893

Open
F5Rob opened this issue Nov 14, 2024 · 6 comments
Labels
bug Something isn't working untriaged Issue needs to be reviewed for validity

Comments

F5Rob commented Nov 14, 2024

Environment

  • Application Services Version: 3.53.0
  • BIG-IP Version: 17.1.1.3 AFM

Summary

When posting complex AFM rules, policies, and shared address/port lists, if 3 or more AFM rule lists are configured, future DELETE and POST actions produce an error message and fail. The configuration successfully posts, but it is then not possible to DELETE or POST. The workaround is to remove the BIG-IP configurations manually, update the AS3 declaration, and repost.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
    "class": "AS3",
    "action": "deploy",
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.53.0",
        "id": "urn:uuid:aa0b634e-b54a-4d88-9652-0f2265085b84",
        "Common": {
            "class": "Tenant",
            "enable": true,
            "Shared": {
                "class": "Application",
                "template": "shared",
                "enable": true,
                "Metabase": {
                    "addresses": [
                        "10.11.68.55"
                    ],
                    "class": "Firewall_Address_List"
                },
                "Admin_VPN": {
                    "addresses": [
                        "10.11.68.59"
                    ],
                    "class": "Firewall_Address_List"
                },
                "CP_TKG_Wkld": {
                    "addresses": [
                        "10.10.112.192/26"
                    ],
                    "remark": "CP cluster",
                    "class": "Firewall_Address_List"
                },
                "Country_Blacklist": {
                    "remark": "List of country to block",
                    "geo": [
                        "AE",
                        "AF",
                        "ZA"
                    ],
                    "class": "Firewall_Address_List"
                },
                "Asia_Pacific": {
                    "remark": "Asia Pacific geo block list",
                    "geo": [
                        "AP"
                    ],
                    "class": "Firewall_Address_List"
                },
                "External_NTP": {
                    "addresses": [
                        "10.12.15.28",
                        "10.12.15.29",
                        "10.12.15.30"
                    ],
                    "class": "Firewall_Address_List"
                },
                "External_Networks": {
                    "addresses": [
                        "10.11.68.40",
                        "10.11.68.55",
                        "10.11.68.59"
                    ],
                    "class": "Firewall_Address_List"
                },
                "External_WAF_Servers": {
                    "addresses": [
                        "10.11.68.52",
                        "10.11.68.54",
                        "10.11.68.55",
                        "10.11.68.56",
                        "10.11.68.57",
                        "10.11.68.59",
                        "10.11.68.60",
                        "10.11.68.61",
                        "10.11.68.62"
                    ],
                    "class": "Firewall_Address_List"
                },
                "GIT_Whitelist": {
                    "addresses": [
                        "65.118.147.2",
                        "10.13.147.18"
                    ],
                    "class": "Firewall_Address_List"
                },
                "HackTheBox": {
                    "addresses": [
                        "146.190.139.22"
                    ],
                    "remark": "IP(s) for HTB, wanted by UKI stuff",
                    "class": "Firewall_Address_List"
                },
                "SEMs_00": {
                    "addresses": [
                        "10.0.20.14",
                        "10.0.99.14",
                        "10.0.99.15"
                    ],
                    "class": "Firewall_Address_List"
                },
                "SEMs_06": {
                    "addresses": [
                        "10.6.20.14",
                        "10.6.99.14",
                        "10.6.99.15"
                    ],
                    "class": "Firewall_Address_List"
                },
                "SEMs_08": {
                    "addresses": [
                        "10.20.20.13",
                        "10.20.101.13",
                        "10.20.101.14"
                    ],
                    "class": "Firewall_Address_List"
                },
                "SEMs_GSLAB": {
                    "addresses": [
                        "10.10.101.13",
                        "10.10.101.14",
                        "10.10.101.15",
                        "10.10.111.3"
                    ],
                    "class": "Firewall_Address_List"
                },
                "GSLAB_External": {
                    "addresses": [
                        "15.205.171.56"
                    ],
                    "class": "Firewall_Address_List"
                },
                "Chasm": {
                    "addresses": [
                        "10.11.68.40",
                        "10.11.68.56"
                    ],
                    "class": "Firewall_Address_List"
                },
                "NSX_Managemnt_Networks": {
                    "addresses": [
                        "10.10.101.0/24"
                    ],
                    "class": "Firewall_Address_List"
                },
                "Management_Network": {
                    "addresses": [
                        "10.10.50.0/24",
                        "10.10.200.0/23"
                    ],
                    "class": "Firewall_Address_List"
                },
                "OCP": {
                    "addresses": [
                        "10.11.68.51"
                    ],
                    "class": "Firewall_Address_List"
                },
                "Pypi": {
                    "addresses": [
                        "192.101.0.223",
                        "192.101.64.223",
                        "192.101.128.223",
                        "192.101.192.223"
                    ],
                    "class": "Firewall_Address_List"
                },
                "NOC_Blacklist": {
                    "addresses": [
                        "10.14.17.220",
                        "10.15.4.147"
                    ],
                    "class": "Firewall_Address_List"
                },
                "SSO": {
                    "addresses": [
                        "10.11.68.54"
                    ],
                    "class": "Firewall_Address_List"
                },
                "NOC_IP_Blacklist": {
                    "addresses": [
                        "10.13.62.8",
                        "10.13.95.115"
                    ],
                    "class": "Firewall_Address_List"
                },
                "White_List": {
                    "geo": [
                        "AU",
                        "CA",
                        "GB",
                        "NZ",
                        "US"
                    ],
                    "class": "Firewall_Address_List"
                },
                "SEM_TCP": {
                    "ports": [
                        "53",
                        "80",
                        "88",
                        "389",
                        "443",
                        "464",
                        "636"
                    ],
                    "class": "Firewall_Port_List"
                },
                "SEM_UDP": {
                    "ports": [
                        "53"
                    ],
                    "class": "Firewall_Port_List"
                },
                "IPSEC": {
                    "ports": [
                        "500",
                        "4500"
                    ],
                    "class": "Firewall_Port_List"
                },
                "P443_8443": {
                    "ports": [
                        "443",
                        "8443"
                    ],
                    "class": "Firewall_Port_List"
                },
                "Satellite_Ports": {
                    "ports": [
                        "53",
                        "80",
                        "443"
                    ],
                    "class": "Firewall_Port_List"
                },
                "Blacklist": {
                    "remark": "Rules that limit traffic into the GSLAB",
                    "rules": [
                        {
                            "action": "drop",
                            "source": {
                                "addresses": [
                                    "192.30.2.0/24"
                                ]
                            },
                            "protocol": "any",
                            "name": "IP_Blacklist"
                        }
                    ],
                    "class": "Firewall_Rule_List"
                },
                "Inside_GSLAB": {
                    "remark": "Rules that control Internal traffic",
                    "rules": [
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "10.10.51.0/24"
                                ]
                            },
                            "source": {
                                "addressLists": [
                                    {
                                        "use": "/Common/Shared/NSX_Managemnt_Networks"
                                    }
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "10.10.51.0/24"
                                ]
                            },
                            "source": {
                                "addressLists": [
                                    {
                                        "use": "/Common/Shared/Management_Network"
                                    }
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_2"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addressLists": [
                                    {
                                        "use": "/Common/Shared/Management_Network"
                                    }
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.51.0/24"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_2_temp_1"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addressLists": [
                                    {
                                        "use": "/Common/Shared/NSX_Managemnt_Networks"
                                    }
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.51.0/24"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_2_temp_2"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "192.16.2.0/28"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_TEMP"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "192.16.1.0/28"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_temp_2"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.0/28"
                                ]
                            },
                            "protocol": "any",
                            "name": "TEMP_Internal_"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.1.0/28"
                                ]
                            },
                            "protocol": "any",
                            "name": "TEMP_Internal_3"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.0.0/16"
                                ]
                            },
                            "protocol": "any",
                            "name": "Catch_all"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "192.16.2.0/28"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.0/28"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_Internal"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "192.16.1.0/28"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.1.0/28"
                                ]
                            },
                            "protocol": "any",
                            "name": "Internal_2_Internal"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "192.168.160.0/20"
                                ],
                                "ports": [
                                    "22",
                                    "4444",
                                    "5555",
                                    "8080"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "10.10.51.0/24"
                                ]
                            },
                            "remark": "Console Testing Scalability",
                            "protocol": "tcp",
                            "name": "VMware_Console_Test"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "224.0.0.18"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.5"
                                ]
                            },
                            "protocol": "any",
                            "name": "VRRP_Multicast"
                        },
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "224.0.0.22"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.4"
                                ]
                            },
                            "protocol": "any",
                            "name": "VRRP_Multicast_2"
                        }
                    ],
                    "class": "Firewall_Rule_List"
                },
                "Outside-GSLAB": {
                    "rules": [
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "224.0.0.22"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.4"
                                ]
                            },
                            "protocol": "any",
                            "name": "VRRP_Multicast_3"
                        }
                    ],
                    "class": "Firewall_Rule_List"
                },
                "GSLAB": {
                    "rules": [
                        {
                            "use": "/Common/Shared/Blacklist"
                        },
                        {
                            "use": "/Common/Shared/Inside_GSLAB"
                        },
                        {
                            "action": "drop",
                            "name": "Explicit_Deny",
                            "protocol": "any"
                        }
                    ],
                    "class": "Firewall_Policy"
                }
            }
        }
    }
}
  2. Observe the following error response:
    "results": [
        {
            "code": 200,
            "message": "success",
            "lineCount": 51,
            "host": "localhost",
            "tenant": "Common",
            "runTime": 5367,
            "declarationId": "urn:uuid:aa0b634e-b54a-4d88-9652-0f2265085b84"
        },
        {
            "message": "failure querying config for tenant Common (Cannot read property 'name' of undefined)",
            "host": "localhost",
            "tenant": "Common",
            "code": 422,
            "declarationId": "urn:uuid:aa0b634e-b54a-4d88-9652-0f2265085b84"
        }
    ],

Expected Behavior

Remove

 "Outside-GSLAB": {
                    "rules": [
                        {
                            "action": "accept",
                            "destination": {
                                "addresses": [
                                    "224.0.0.22"
                                ]
                            },
                            "source": {
                                "addresses": [
                                    "192.16.2.4"
                                ]
                            },
                            "protocol": "any",
                            "name": "VRRP_Multicast_3"
                        }
                    ],
                    "class": "Firewall_Rule_List"
                },

And it is successful

    "results": [
        {
            "code": 200,
            "message": "success",
            "lineCount": 48,
            "host": "localhost",
            "tenant": "Common",
            "runTime": 4112,
            "declarationId": "urn:uuid:aa0b634e-b54a-4d88-9652-0f2265085b84"
        },
        {
            "code": 200,
            "message": "success",
            "lineCount": 18,
            "host": "localhost",
            "tenant": "Common",
            "runTime": 4700,
            "declarationId": "urn:uuid:aa0b634e-b54a-4d88-9652-0f2265085b84"
        }
    ],

Actual Behavior

Trying to REPOST or DELETE gets the following error.

{
    "results": [
        {
            "message": "failure querying config for tenant Common (Cannot read property 'name' of undefined)",
            "host": "localhost",
            "tenant": "Common",
            "code": 422,
            "declarationId": "1731616042801"
        },
        {
            "message": "failure querying config for tenant Common (Cannot read property 'name' of undefined)",
            "host": "localhost",
            "tenant": "Common",
            "code": 422,
            "declarationId": "1731616042801"
        }
    ],
@F5Rob F5Rob added bug Something isn't working untriaged Issue needs to be reviewed for validity labels Nov 14, 2024
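
An added example, not part of the original report or of the AS3 project: a pre-deployment check that counts `Firewall_Rule_List` objects per tenant, lists the ones no `Firewall_Policy` references, and picks out tenants returning the 422 "failure querying config" result shown above. The threshold of 3 is taken from the reporter's summary and is not a confirmed limit; the sample declaration and response are constructed (trimmed from the ones in the report), and all function names are hypothetical.

```python
QUERY_FAILURE = "failure querying config for tenant"


def iter_objects(decl):
    """Yield (tenant, app, name, obj) for each classed object in an AS3 declaration."""
    adc = decl.get("declaration", decl)  # accept the AS3 wrapper or a bare ADC
    for t_name, tenant in adc.items():
        if not (isinstance(tenant, dict) and tenant.get("class") == "Tenant"):
            continue
        for a_name, app in tenant.items():
            if not (isinstance(app, dict) and app.get("class") == "Application"):
                continue
            for o_name, obj in app.items():
                if isinstance(obj, dict) and "class" in obj:
                    yield t_name, a_name, o_name, obj


def resolve(use, tenant, app):
    """Turn a 'use' value into an absolute path (simplification: plain names
    are treated as siblings in the same application)."""
    return use if use.startswith("/") else f"/{tenant}/{app}/{use}"


def rule_list_report(decl, threshold=3):
    """Per tenant: rule lists, those no policy references, and an at-risk flag."""
    seen = {}
    for tenant, app, name, obj in iter_objects(decl):
        entry = seen.setdefault(tenant, {"lists": [], "referenced": set()})
        if obj["class"] == "Firewall_Rule_List":
            entry["lists"].append(f"/{tenant}/{app}/{name}")
        elif obj["class"] == "Firewall_Policy":
            for rule in obj.get("rules", []):
                if "use" in rule:  # inline rules carry 'action' instead
                    entry["referenced"].add(resolve(rule["use"], tenant, app))
    return {
        tenant: {
            "rule_lists": e["lists"],
            "unreferenced": [p for p in e["lists"] if p not in e["referenced"]],
            # threshold is the reporter's "3 or more", an assumption
            "at_risk": len(e["lists"]) >= threshold,
        }
        for tenant, e in seen.items()
    }


def stuck_tenants(response):
    """Tenants whose result is the 422 config-query failure from the report.
    Accepts either {"results": [...]} or a bare list of results."""
    results = response.get("results", []) if isinstance(response, dict) else response
    return sorted({
        r["tenant"] for r in results
        if r.get("code") == 422 and QUERY_FAILURE in r.get("message", "")
    })


# Constructed sample: object names from the report, rule bodies trimmed.
SAMPLE_DECLARATION = {
    "class": "AS3",
    "action": "deploy",
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.53.0",
        "Common": {
            "class": "Tenant",
            "Shared": {
                "class": "Application",
                "template": "shared",
                "Blacklist": {"class": "Firewall_Rule_List", "rules": [
                    {"name": "IP_Blacklist", "action": "drop", "protocol": "any"}]},
                "Inside_GSLAB": {"class": "Firewall_Rule_List", "rules": [
                    {"name": "Internal", "action": "accept", "protocol": "any"}]},
                "Outside-GSLAB": {"class": "Firewall_Rule_List", "rules": [
                    {"name": "VRRP_Multicast_3", "action": "accept", "protocol": "any"}]},
                "GSLAB": {"class": "Firewall_Policy", "rules": [
                    {"use": "/Common/Shared/Blacklist"},
                    {"use": "/Common/Shared/Inside_GSLAB"},
                    {"name": "Explicit_Deny", "action": "drop", "protocol": "any"}]},
            },
        },
    },
}

# Constructed sample: shape of the response shown in the report.
SAMPLE_RESPONSE = {"results": [
    {"code": 200, "message": "success", "tenant": "Common"},
    {"code": 422, "tenant": "Common",
     "message": "failure querying config for tenant Common "
                "(Cannot read property 'name' of undefined)"},
]}

if __name__ == "__main__":
    for tenant, info in rule_list_report(SAMPLE_DECLARATION).items():
        print(tenant, info)
    print("tenants needing manual cleanup:", stuck_tenants(SAMPLE_RESPONSE))
```
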
seamlessfirework commented Nov 19, 2024

I am experiencing exactly the same in a lab env. But I was not able to get it working again. I factory reset my VE every time I run into this error.

However, my scenario differs a little from yours. I deployed two forwarding VS in Common with firewall policies attached - no problem. Even re-deploying was no problem. The first time the problem occurred was when I added a standard VS with a firewall policy attached.

The first deployment of the declaration is successful. A redeployment with exactly the same declaration fails with this error message.

[
  {
    "message": "failure querying config for tenant tenant-test (Cannot read property 'name' of undefined)",
    "host": "localhost",
    "tenant": "tenant-test",
    "code": 422,
    "declarationId": "autogen_9bc848d9-136f-43d3-aa4a-be39cbfc68fb"
  }
]

Further re-deployments fail, and deletion does, too. I always did a factory reset. But thanks to Rob I got it working again by deleting all the AS3 config items manually. Thanks @F5Rob

No problem, two forwarding VS only

{
  "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
  "tenant-test": {
    "class": "Tenant",
    "app-tentant-test": {
      "class": "Application",
      "template": "generic",
      "vs-tcp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "TCP forward-proxy.example.com",
        "virtualAddresses": [
          "10.2.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ]
      },
      "vs-udp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "UDP forward-proxy.example.com",
        "virtualAddresses": [
          "10.1.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "layer4": "udp",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ]
      }
    }
  },
  "class": "ADC",
  "schemaVersion": "3.53.0"
}

No problem, two forwarding VS with firewall policies attached

{
  "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
  "tenant-test": {
    "class": "Tenant",
    "app-tentant-test": {
      "class": "Application",
      "template": "generic",
      "vs-tcp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "TCP forward-proxy.example.com",
        "virtualAddresses": [
          "10.2.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ],
        "policyFirewallEnforced": {
          "use": "firewall-policy-tcp-forward-proxy.example.com"
        }
      },
      "firewall-rule-list-tcp-forward-proxy.example.com": {
        "class": "Firewall_Rule_List",
        "rules": [
          {
            "name": "rule-5.6.7.8",
            "remark": "test",
            "loggingEnabled": true,
            "protocol": "tcp",
            "source": {
              "addressLists": [
                {
                  "use": "host-5.6.7.8"
                }
              ]
            },
            "destination": {
              "addressLists": [
                {
                  "use": "group-ip-group"
                }
              ],
              "ports": [
                "443"
              ]
            },
            "action": "accept"
          },
          {
            "name": "rule-deny-any",
            "loggingEnabled": true,
            "action": "drop"
          }
        ]
      },
      "group-ip-group": {
        "class": "Firewall_Address_List",
        "addresses": [
          "1.1.1.1/32",
          "1.1.1.2/32",
          "1.1.1.3/32",
          "1.1.1.4/32",
          "1.1.1.5/32"
        ]
      },
      "host-5.6.7.8": {
        "class": "Firewall_Address_List",
        "addresses": [
          "5.6.7.8"
        ]
      },
      "firewall-policy-tcp-forward-proxy.example.com": {
        "rules": [
          {
            "use": "firewall-rule-list-tcp-forward-proxy.example.com"
          }
        ],
        "class": "Firewall_Policy"
      },
      "vs-udp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "UDP forward-proxy.example.com",
        "virtualAddresses": [
          "10.1.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "layer4": "udp",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ],
        "policyFirewallEnforced": {
          "use": "firewall-policy-udp-forward-proxy.example.com"
        }
      },
      "firewall-rule-list-udp-forward-proxy.example.com": {
        "class": "Firewall_Rule_List",
        "rules": [
          {
            "name": "rule-stuff",
            "loggingEnabled": true,
            "protocol": "udp",
            "source": {
              "addressLists": [
                {
                  "use": "host-7.6.5.4"
                },
                {
                  "use": "host-5.6.7.8"
                },
                {
                  "use": "host-2.3.4.5"
                }
              ]
            },
            "destination": {
              "addressLists": [
                {
                  "use": "group-public-dns"
                }
              ],
              "ports": [
                "53"
              ]
            },
            "action": "accept"
          },
          {
            "name": "rule-deny-any",
            "loggingEnabled": true,
            "action": "drop"
          }
        ]
      },
      "group-public-dns": {
        "class": "Firewall_Address_List",
        "addresses": [
          "1.1.1.1/32",
          "8.8.8.8/32"
        ]
      },
      "host-7.6.5.4": {
        "class": "Firewall_Address_List",
        "addresses": [
          "7.6.5.4/32"
        ]
      },
      "host-2.3.4.5": {
        "class": "Firewall_Address_List",
        "addresses": [
          "2.3.4.5/32"
        ]
      },
      "firewall-policy-udp-forward-proxy.example.com": {
        "rules": [
          {
            "use": "firewall-rule-list-udp-forward-proxy.example.com"
          }
        ],
        "class": "Firewall_Policy"
      }
    }
  },
  "class": "ADC",
  "schemaVersion": "3.53.0"
}

Problem occurs with another standard VS and firewall policy attached

{
  "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
  "tenant-test": {
    "class": "Tenant",
    "app-tentant-test": {
      "class": "Application",
      "template": "generic",
      "vs-tcp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "TCP forward-proxy.example.com",
        "virtualAddresses": [
          "10.2.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ],
        "policyFirewallEnforced": {
          "use": "firewall-policy-tcp-forward-proxy.example.com"
        }
      },
      "firewall-rule-list-tcp-forward-proxy.example.com": {
        "class": "Firewall_Rule_List",
        "rules": [
          {
            "name": "rule-5.6.7.8",
            "remark": "test",
            "loggingEnabled": true,
            "protocol": "tcp",
            "source": {
              "addressLists": [
                {
                  "use": "host-5.6.7.8"
                }
              ]
            },
            "destination": {
              "addressLists": [
                {
                  "use": "group-ip-group"
                }
              ],
              "ports": [
                "443"
              ]
            },
            "action": "accept"
          },
          {
            "name": "rule-deny-any",
            "loggingEnabled": true,
            "action": "drop"
          }
        ]
      },
      "group-ip-group": {
        "class": "Firewall_Address_List",
        "addresses": [
          "1.1.1.1/32",
          "1.1.1.2/32",
          "1.1.1.3/32",
          "1.1.1.4/32",
          "1.1.1.5/32"
        ]
      },
      "host-5.6.7.8": {
        "class": "Firewall_Address_List",
        "addresses": [
          "5.6.7.8"
        ]
      },
      "firewall-policy-tcp-forward-proxy.example.com": {
        "rules": [
          {
            "use": "firewall-rule-list-tcp-forward-proxy.example.com"
          }
        ],
        "class": "Firewall_Policy"
      },
      "vs-udp-anyport-forward-proxy.example.com": {
        "class": "Service_L4",
        "remark": "UDP forward-proxy.example.com",
        "virtualAddresses": [
          "10.1.0.1"
        ],
        "virtualPort": 0,
        "redirect80": false,
        "snat": "auto",
        "layer4": "udp",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ],
        "policyFirewallEnforced": {
          "use": "firewall-policy-udp-forward-proxy.example.com"
        }
      },
      "firewall-rule-list-udp-forward-proxy.example.com": {
        "class": "Firewall_Rule_List",
        "rules": [
          {
            "name": "rule-stuff",
            "loggingEnabled": true,
            "protocol": "udp",
            "source": {
              "addressLists": [
                {
                  "use": "host-7.6.5.4"
                },
                {
                  "use": "host-5.6.7.8"
                },
                {
                  "use": "host-2.3.4.5"
                }
              ]
            },
            "destination": {
              "addressLists": [
                {
                  "use": "group-public-dns"
                }
              ],
              "ports": [
                "53"
              ]
            },
            "action": "accept"
          },
          {
            "name": "rule-deny-any",
            "loggingEnabled": true,
            "action": "drop"
          }
        ]
      },
      "group-public-dns": {
        "class": "Firewall_Address_List",
        "addresses": [
          "1.1.1.1/32",
          "8.8.8.8/32"
        ]
      },
      "host-7.6.5.4": {
        "class": "Firewall_Address_List",
        "addresses": [
          "7.6.5.4/32"
        ]
      },
      "host-2.3.4.5": {
        "class": "Firewall_Address_List",
        "addresses": [
          "2.3.4.5/32"
        ]
      },
      "firewall-policy-udp-forward-proxy.example.com": {
        "rules": [
          {
            "use": "firewall-rule-list-udp-forward-proxy.example.com"
          }
        ],
        "class": "Firewall_Policy"
      },
      "vs-tcp443-more-example.com": {
        "class": "Service_TCP",
        "remark": "more-example.com",
        "virtualAddresses": [
          "1.2.3.4"
        ],
        "virtualPort": 443,
        "redirect80": false,
        "snat": "none",
        "profileTCP": "lan",
        "allowVlans": [
          {
            "bigip": "/Common/external"
          }
        ],
        "pool": {
          "use": "pool-tcp12345-more-example.com"
        },
        "persistenceMethods": [],
        "policyFirewallEnforced": {
          "use": "firewall-policy-more-example.com"
        }
      },
      "pool-tcp12345-more-example.com": {
        "class": "Pool",
        "loadBalancingMode": "round-robin",
        "monitors": [
          {
            "use": "monitor-tcp54321-more-example.com"
          }
        ],
        "minimumMonitors": 1,
        "members": [
          {
            "shareNodes": true,
            "remark": "OpenShift Worker Node",
            "servicePort": 12345,
            "serverAddresses": [
              "10.1.2.18",
              "10.1.2.19",
              "10.1.2.20"
            ]
          }
        ]
      },
      "monitor-tcp54321-more-example.com": {
        "class": "Monitor",
        "interval": 5,
        "monitorType": "tcp",
        "targetAddress": "",
        "timeout": 16,
        "adaptive": false,
        "send": "",
        "receive": "",
        "targetPort": 30842
      },
      "firewall-rule-list-more-example.com": {
        "class": "Firewall_Rule_List",
        "rules": [
          {
            "name": "rule-https-only",
            "loggingEnabled": true,
            "protocol": "tcp",
            "destination": {
              "addressLists": [
                {
                  "use": "host-more-example.com-7.5.6.2"
                }
              ],
              "ports": [
                "443"
              ]
            },
            "action": "accept"
          },
          {
            "name": "rule-deny-any",
            "loggingEnabled": true,
            "action": "drop"
          }
        ]
      },
      "host-more-example.com-7.5.6.2": {
        "class": "Firewall_Address_List",
        "addresses": [
          "7.5.6.2"
        ]
      },
      "firewall-policy-more-example.com": {
        "rules": [
          {
            "use": "firewall-rule-list-more-example.com"
          }
        ],
        "class": "Firewall_Policy"
      }
    }
  },
  "class": "ADC",
  "schemaVersion": "3.53.0"
}
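
A pre-flight check for the condition reported in this issue, as an added example that is not part of the thread or of the AS3 project: it counts `Firewall_Rule_List` objects per tenant and flags relative `use` pointers that resolve to nothing in their application. Assumptions: the count is taken per tenant, the fix version is the 3.54.0 named in the comments, and the function and sample names are hypothetical.

```python
# Added example: pre-flight check for the condition reported in this issue.
FIXED_IN = (3, 54, 0)   # release the thread says will carry the fix
RULE_LIST_LIMIT = 2     # issue title: "more than two AFM rule lists"


def _children(node, cls):
    """Named child objects of `node` whose AS3 class is `cls`."""
    return {k: v for k, v in node.items()
            if isinstance(v, dict) and v.get("class") == cls}


def _uses(node):
    """Yield every {"use": "<name>"} pointer found below `node`."""
    if isinstance(node, dict):
        if isinstance(node.get("use"), str):
            yield node["use"]
        for value in node.values():
            yield from _uses(value)
    elif isinstance(node, list):
        for value in node:
            yield from _uses(value)


def preflight(request, as3_version):
    """Return findings as (kind, tenant, detail) tuples."""
    adc = request.get("declaration", request)   # AS3 wrapper or bare ADC
    affected = tuple(int(p) for p in as3_version.split(".")) < FIXED_IN
    findings = []
    for tenant, tbody in _children(adc, "Tenant").items():
        rule_lists = []
        for app, abody in _children(tbody, "Application").items():
            rule_lists += [f"{app}/{n}" for n in _children(abody, "Firewall_Rule_List")]
            # Relative pointers must name an object in the same application;
            # absolute ("/Tenant/App/obj") pointers are not checked here.
            for name in sorted({u for u in _uses(abody) if "/" not in u and u not in abody}):
                findings.append(("dangling-use", tenant, f"{app}/{name}"))
        if affected and len(rule_lists) > RULE_LIST_LIMIT:
            findings.append(("rule-list-count", tenant, sorted(rule_lists)))
    return findings


# Constructed sample (hypothetical names), not the declaration from the issue.
SAMPLE = {"class": "ADC", "schemaVersion": "3.53.0", "t1": {"class": "Tenant", "app1": {
    "class": "Application", "template": "generic",
    "rl-a": {"class": "Firewall_Rule_List", "rules": []},
    "rl-b": {"class": "Firewall_Rule_List", "rules": []},
    "rl-c": {"class": "Firewall_Rule_List", "rules": [
        {"name": "r1", "source": {"addressLists": [{"use": "missing-list"}]}}]},
    "pol": {"class": "Firewall_Policy", "rules": [{"use": "rl-a"}]}}}}
```

Pass the installed AS3 version, not the declaration's `schemaVersion`, as the second argument.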

@JuergenMang

I've just stumbled across this problem too.

@seamlessfirework

Any plans fixing this? Maybe raising an official support issue will help in this case?

@F5Rob
Author

F5Rob commented Dec 3, 2024

> Any plans fixing this? Maybe raising an official support issue will help in this case?

I submitted a support case and F5 fixed it with a new .rpm, but will incorporate the fix in v3.54.0.

@seamlessfirework

> > Any plans fixing this? Maybe raising an official support issue will help in this case?
>
> I submitted a support case and F5 fixed it with a new .rpm, but will incorporate the fix in v3.54.0.

Sounds great! Any idea when the new rpm will be released?

@seamlessfirework

Got feedback from F5 support team. The fix will be included in 3.54 which will be released Jan 15. Will get back here after some testing.
