Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3
Opened: Oct 23, 2023 Severity: 3-Major
Hardware syncookie protection might be activated without TMM reflecting such state. Only the following log will be shown when this happens (even though hardware protection is activated): warning tmm5[24301]: 01010038:4: Syncookie counter 53 exceeded vip threshold 52 for virtual = 1.1.1.1:443 Normally two following messages should be visible: warning tmm5[24301]: 01010038:4: Syncookie counter 53 exceeded vip threshold 52 for virtual = 1.1.1.1:443 notice tmm5[24301]: 01010240:5: Syncookie HW mode activated, server name = /Common/test server IP = 1.1.1.1:443, HSB modId = 5 There exist exceptions to this rule. If unsure, please open a support case.
Hardware syncookie protection stays activated without TMM reflecting the state. Hardware syncookie protection stays activated until traffic subsides and hardware deativates protection. Some connections might not be opened properly.
Hardware syncookie protection activated on a TCP/fastL4 profile. Undisclosed traffic pattern hits virtual server.
None
None