Bug ID 1325681: VLAN tscookies with fastl4 timestamp preserve and PVA acceleration cause connection problems.

Last Modified: Nov 21, 2024

Affected Product(s):
BIG-IP AFM, Install/Upgrade(all modules)

Known Affected Versions:
15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Opened: Jul 27, 2023

Severity: 3-Major

Related Article: K000136894

Symptoms

Some connections might be reset by the client or server when VLAN timestamp cookies are configured. One symptom commonly reported is that the virtual server for the email service suddenly stops working after upgrading.

Impact

Unexpected flow RSTs from client/server due to incorrect timestamp echo received from BIG-IP.

Conditions

-- Flow accelerated in PVA.
-- VLAN timestamp cookies configured for one side of the connection.
-- Bigproto timestamp preserve option (default).
-- Client and server sending timestamps.

Workaround

Either:
- Set fastL4 profile option 'tcp-pva-whento-offload' to 'establish'.
OR
- Disable VLAN timestamp cookies.
OR
- Disable tscookie inside tcp-ack-ts DoS vector.
OR
- Change fastL4 timestamp option to rewrite (this disables PVA acceleration).

Fix Information

None

Behavior Change
