Last Modified: Jul 10, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
13.1.5, 13.1.5.1, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
17.1.0, 15.1.9
Opened: Jun 17, 2022 Severity: 3-Major
Due to algorithm mismatch in software and hardware, valid TCP connections may get rejected with "No flow found for ACK' reset-cause while HW SYN cookie mode is active.
Service degradation.
In vCMP environment either the host or the guest is installed with an affected version.
Disable HW SYN cookie globally on the guest.
SYN cookie hash algorithm is correctly selected on vCMP guests.