Post upgrade from 11.2.0 to 11.5.1 - ASM Policies didn't migrate

Question

Hello Folks,&nbsp;
While working on a customer case, I was simulating their backup to my lab appliance before upgrading the production appliances.&nbsp;
Before upgrade:
Big-IP - 2000 series model.
Firmware - 11.2.1 HF13
Modules subscribed - LTM / ASM / AVR&nbsp;
Lab upgrade exercise
Big-IP - 4000 series
Firmware - 11.2.1 -&gt; Restored the backup successfully -&gt; Upgraded to 11.5.1
Modules - LTM / ASM / AVR&nbsp;
Now, post upgrade, I realize that my lab box shows "Active Policies", which were "Inactive" in 11.2.1, that means I don't have any active ASM policies visible after upgrading to 11.5.1. What I need to do now is, importing all the ASM policies manually one by one, and mapping it with LTM policies (as HTTP classes are no longer available).&nbsp;
Is there a way to recover previously applied ASM policies on 11.5.1?&nbsp;
Thank you,
Darshan&nbsp;

max_q_factor · Answer

I would restore the UCS archive again and I would look at the upgrade logs  (system) to see if there was a problem with the http class name. there were a lot of changes from 11.3 to 11.4 with regards to the HTTP class to traffic policy conversion and that's usually where I find issues like that. also review the release notes about it:  &nbsp;
New features introduced in 11.4.0&nbsp;

nathe · Answer

Darshan - to add to the above from AWS-ASA-3468, the Overview - Summary screen does sometimes highlight issues with an ASM upgrade. Is there anything there? Also, prior to upgrade I would've exported my ASM security policies (XML format) so I could re-import them if required post-upgrade. If you can restore back to 11.2.1 then I would recommend this.&nbsp;
N&nbsp;

swo0sh_gt_13163 · Answer

Thanks gentlemen for your replies.&nbsp;
Yes, I agree with AWS_ASA_3468, that HTTP Classes are no longer in use from 11.4.0 onwards. I found that all the classes were converted to LTM Policies. Also I noticed that the Virtual Servers, which had more than one HTTP Class applied, was merged into a single LTM Policy, and within the LTM Policy, there are 2 rules, for each HTTP Class.&nbsp;
I will try to reload the configuration again to see if it shows any changes.&nbsp;
@Nathan, I didn't see any errors in Configuration Utility for ASM. I have the exported ASM Policies, using the same for time being. I was just wondering if this is a known behavior or not.&nbsp;
I will update the thread once I successfully apply the ASM.&nbsp;
Thank you,
Darshan&nbsp;

Forum Discussion

Post upgrade from 11.2.0 to 11.5.1 - ASM Policies didn't migrate

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Rebalancing connections

Resetting to Factory Default

TCP Profile with Verified Accept enabled and three-way TCP handshake

BigIP/IQ Security Compliance Scanner

Question/Advice on iRule Remediating the Telerik (Unsafe Reflection Vulnerability (CVE-2025-3600)

Related Content

BIG-IP and App Migration across Heterogeneous Environments

Migrating between sites using stretched VLANs

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 3 - Migrate)

App Migration across Heterogeneous Environments using F5 Distributed Cloud

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS