Bug ID 1849265: A VCMP guest may not exit hardware syncookie mode

Last Modified: Apr 05, 2025

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.5.0

Opened: Mar 07, 2025

Severity: 3-Major

Symptoms

On a VCMP guest, if a virtual server enters hardware syncookie mode due to a SYN flood, and the VIP is passing a significant amount of valid traffic, it may not exit syncookie mode.

Impact

Syncookies may continue to be issued even though the attack has stopped.

Conditions

VCMP guest
Hardware syncookie mode

Workaround

Remove traffic from the virtual server until syncookie mode deactivates.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips