Bug ID 866161: Client port reuse causes RST when the security service attempts server connection reuse.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.1.0, 15.1.0.1

Fixed In:
16.0.0, 15.1.0.2, 15.0.1.3, 14.1.2.5

Opened: Jan 03, 2020

Severity: 3-Major

Symptoms

If the security service attempts server connection reuse, client port reuse causes RST on new connections.

Impact

The BIG-IP system or SSLO rejects new connection from clients when a client reuses the port.

Conditions

-- Service profile is attached to virtual server. or -- SSL Orchestrator (SSLO) is licensed and provisioned and Service chain is added in the security policy. -- Security service reuses server-side connection. -- Client reuses the source port.

Workaround

None.

Fix Information

The BIG-IP system or SSLO no longer rejects the client connection when the service tries to the reuse server connection and the client reuses the port.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips