Last Modified: May 29, 2024
Affected Product(s):
BIG-IP APM, SSLO
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.1.0, 15.1.0.1
Fixed In:
16.0.0, 15.1.0.2, 15.0.1.3, 14.1.2.5
Opened: Dec 20, 2019 Severity: 3-Major
The BIG-IP system or SSL Orchestrator does not close server-side connections when the security service closes the connection with the BIG-IP or SSL Orchestrator. So if client reuses the port, SSL Orchestrator rejects new connections by sending RST.
The BIG-IP system or SSL Orchestrator rejects new connection from clients when a client reuses the port.
-- Service profile is attached to virtual server. or -- SSL Orchestrator is licensed and provisioned and Service chain is added in the security policy. -- Security service closes the server-side connection with SSL Orchestrator. -- Client reuses the source port.
None.
The BIG-IP system or SSL Orchestrator no longer rejects the client connection when the client reuses the port.