Bug ID 1003377: Disabling DoS TCP SYN-ACK does not clear suspicious event count option

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,

Opened: Mar 17, 2021
Severity: 4-Minor


When the 'Only Count Suspicious Events' option is turned on for the TCP SYN ACK Flood vector and the vector gets disabled, TMM continues operating as if 'Only Count Suspicious Events' is still configured.


BIG-IP system might continue altering TCP initial sequence numbers for SYN-ACK cookie validations.


Disabling TCP SYN ACK Flood vector with 'Only Count Suspicious Events' enabled.


Disable the 'Only Count Suspicious Events' option first, and then disable TCP SYN ACK Flood vector.

Fix Information


Behavior Change