For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Oct 05, 2017

TMOS v13 Update: ASM::enable / ASM::disable commands are causing TCL exemptions...

Hi Folks, I'm in the process of updating an ASM enabled LTM from version 12.1 to v13.0. The update process was overall successful. The only problem we're facing right now is, that one of our ASM...
ASM Advanced WAF
LTM
security
Jeremy_140196's avatar
Jeremy_140196
Icon for Nimbostratus rankNimbostratus
Oct 26, 2017

Hi Kai,

 

I encounter the same issue as you (13.0 HF2) Example : TCL error: /Common/asm_irule - while executing "ASM::enable /Common/security_xxx"

 

I have a LTP assigned with my "default" Policy (LTP created by the system). Once assigned, I would like to change the Policy on "HTTP::host" event and error occurs...

 

I saw this issue occured ramdomly... if I change my default Policy, no issue. I have checked the difference between both and the root cause is ....:

 

Detect Session Hijacking by Device ID Tracking (Security ›› Application Security : Sessions and Logins : Session Tracking)

 

You have to ENABLE it. Very very strange, but it works for me.

 

Could you please test it ? Let me know If you have the same behavior.

 

Jeremy.

 

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Nov 29, 2017

Hi Jeremy,

 

I will check this out next week during a maintenance windows. Will let you know if this works out for me...

 

Thanks for commenting and Cheers, Kai