
AS3 declaration is failing for CGN only licensed system

Open • shaath1 opened this issue 2 years ago • 2 comments

Environment

  • Application Services Version: 1.45.0
  • BIG-IP Version: 15.1.2.1

Summary

A clear and concise description of what the bug is. Please also include information about the reproducibility and the severity/impact of the issue.

The following classes are giving an error that an AFM license must be present, while they should be available with a CGN-only licensed system:

  • "class": "Security_Log_Profile"
  • "class": "NAT_Source_Translation"
  • "class": "NAT_Policy"

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration (on bigip with CGN license only):
{
  "class": "ADC",
  "schemaVersion": "3.45.0",
  "id": "urn:uuid:fc781932-0c1a-47df-8a45-3313634e52be",
  "label": "Converted Declaration",
  "remark": "Generated by Automation Config Converter",
  "Common": {
    "class": "Tenant",
    "Shared": {
      "class": "Application",
      "template": "shared",
      "Policy_1": {
        "rules": [
          {
            "name": "rule1",
            "protocol": "any",
            "securityLogProfile": {
              "use": "/Common/Shared/LOG_NAT"
            },
            "destination": {},
            "source": {
              "addressLists": [
                {
                  "use": "natSourceAddressList"
                }
              ]
            },
            "sourceTranslation": {
              "use": "/Common/Shared/PBA_T"
            }
          }
        ],
        "class": "NAT_Policy"
      },
      "natSourceAddressList": {
        "addresses": [
          "10.10.10.0/24"
        ],
        "class": "Firewall_Address_List"
      },
      "DNAT_T": {
        "addresses": [
          "10.20.10.100/32"
        ],
        "patMode": "deterministic",
        "ports": [
          "1025-65000"
        ],
        "type": "dynamic-pat",
        "class": "NAT_Source_Translation"
      },
      "NAPT_T": {
        "addresses": [
          "10.20.10.90/32"
        ],
        "ports": [
          "1025-65353"
        ],
        "type": "dynamic-pat",
        "class": "NAT_Source_Translation"
      },
      "PBA_T": {
        "addresses": [
          "100.0.0.0/8"
        ],
        "patMode": "pba",
        "ports": [
          "1025-65024"
        ],
        "type": "dynamic-pat",
        "class": "NAT_Source_Translation"
      },
      "VS_1": {
        "remark": "Shared",
        "translateServerAddress": false,
        "translateServerPort": false,
        "class": "Service_Forwarding",
        "profileL4": {
          "bigip": "/Common/fastL4"
        },
        "forwardingType": "ip",
        "virtualAddresses": [
          [
            "0.0.0.0/0",
            "10.10.10.0/24"
          ]
        ],
        "virtualPort": 0,
        "snat": "none",
        "allowVlans": [
          {
            "bigip": "/Common/internal"
          }
        ],
        "policyNAT": {
          "use": "/Common/Shared/Policy_1"
        }
      },
      "LOG_NAT": {
        "logEndInboundSession": true,
        "logStartInboundSession": true,
        "logStartOutboundSession": true,
        "logEndOutboundSession": true,
        "logErrors": true,
        "publisher": "/Common/local-db-publisher",
        "logSubscriberId": true,
        "logQuotaExceeded": true,
        "class": "Security_Log_Profile"
      }
    }
  }
}
  2. Observe the following error response:
{
    "code": 422,
    "errors": [
        "/Common/Shared/Policy_1: One of these F5 modules needs to be provisioned: afm"
    ],
    "declarationFullId": "",
    "message": "declaration is invalid"
}

Expected Behavior

This is a valid configuration for CGN only system, so it should work

Actual Behavior

declaration is failing because of license.

shaath1, Jul 04 '23 11:07
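A pre-submit check for the situation reported above, as an added example that is not part of the original issue or of the AS3 project: it walks a declaration, finds every object whose class is one of the three the reporter lists, and shows which other objects point at it through `use`. Assumptions: the caller supplies the set of provisioned module names, the sample is a trimmed copy of the reported declaration, and bare `use` names are resolved against the same Application, which is a simplification of AS3 pointer handling.

```python
import json

# Classes the issue reporter lists as rejected when AFM is not provisioned.
GATED = {"Security_Log_Profile", "NAT_Source_Translation", "NAT_Policy"}

# Constructed sample: a trimmed copy of the declaration from the report.
SAMPLE = json.loads("""
{"class": "ADC", "schemaVersion": "3.45.0",
 "Common": {"class": "Tenant", "Shared": {"class": "Application", "template": "shared",
   "Policy_1": {"class": "NAT_Policy", "rules": [{"name": "rule1",
       "securityLogProfile": {"use": "/Common/Shared/LOG_NAT"},
       "source": {"addressLists": [{"use": "natSourceAddressList"}]},
       "sourceTranslation": {"use": "/Common/Shared/PBA_T"}}]},
   "natSourceAddressList": {"class": "Firewall_Address_List", "addresses": ["10.10.10.0/24"]},
   "PBA_T": {"class": "NAT_Source_Translation", "type": "dynamic-pat", "patMode": "pba"},
   "VS_1": {"class": "Service_Forwarding", "policyNAT": {"use": "/Common/Shared/Policy_1"}},
   "LOG_NAT": {"class": "Security_Log_Profile", "publisher": "/Common/local-db-publisher"}}}}
""")

def objects(decl):
    """Map '/Tenant/Application/name' -> object for every classed item."""
    return {f"/{t}/{a}/{o}": obj
            for t, tenant in decl.items() if isinstance(tenant, dict) and tenant.get("class") == "Tenant"
            for a, app in tenant.items() if isinstance(app, dict) and app.get("class") == "Application"
            for o, obj in app.items() if isinstance(obj, dict) and "class" in obj}

def uses(node, base):
    """Yield every "use" pointer under node; bare names are resolved against base."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "use" and isinstance(val, str):
                yield val if val.startswith("/") else f"{base}/{val}"
            else:
                yield from uses(val, base)
    elif isinstance(node, list):
        for item in node:
            yield from uses(item, base)

def afm_gated_report(decl, provisioned):
    """Return {gated object path: sorted paths of objects that reference it}."""
    if "afm" in provisioned:
        return {}
    objs = objects(decl)
    report = {p: [] for p, o in objs.items() if o["class"] in GATED}
    for path, obj in objs.items():
        for target in uses(obj, path.rsplit("/", 1)[0]):
            if target in report:
                report[target].append(path)
    return {p: sorted(refs) for p, refs in sorted(report.items())}
```

On the sample, the report shows that `VS_1`, a `Service_Forwarding` object outside the listed classes, still depends on the rejected `Policy_1`, so removing the gated objects alone would leave a dangling `policyNAT` reference.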

Thank you for your feedback. I have added your bug to the product backlog as AUTOTOOL-3918.

dstokesf5, Jan 08 '24 22:01

@shaath1 please contact me at [email protected] so I can link this bug fix to a customer name.

mdditt2000, Feb 13 '24 21:02