Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 15.1.4, 15.1.4.1, 15.1.5
Fixed In:
17.1.0, 15.1.5.1, 14.1.5
Opened: Jan 26, 2022 Severity: 2-Critical
When an object is in hardware SYN Cookie mode, some of the valid connections are also rejected with a "No flow found for ACK" reset cause.
Service degradation.
VELOS and rSeries platforms.
Disable hardware SYN Cookie on all objects (virtual server, VLAN, and so on).
Valid connections are now accepted in hardware SYN Cookie mode. New DB variable PvaSynCookies.HashMode added; which only takes effect on rSeries and VELOS platforms. This DB variable sets the syn cookie encoding algorithm to default, xor, or bsd. If a different encoding algorithm would otherwise be automatically selected, this setting overrides that selection. F5 recommends setting the value to "default".