Forum Discussion
ASM security policy configuration auto changed
- Mar 04, 2021
yes that would very much be my advise. it doesnt feel right, you want to know why, but at some point that becomes more unlikely and the best thing is to just move forward.
Hello Rahul,
Do you have CMI/HA configured for these BIG-IPs?
Based on provided audit log I can make an assumption, that configuration of BIG-IP was recently restored from some UCS, but reason of that is not clear to me.
It can not be related to any Learning actions. Policy template can be removed only manually or via loading UCS without it (which most probably happened in your case)
Thanks, Ivan
Hello Ivan,
Yes these devices have HA configured as Active and Standby. I have also raised case with F5 support & share QKview report of both active and standby devices, but they couldn't see logs before than 15th Jan 2021.
And as per the current log history they can not confirm the root cause of this issue. Hence, this is still as unknown cause.
You are correct. The UCS backup is on dated of 15th Jan 2021 and there is no earlier backup file on the device.
Regards,
Rahul
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com