Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Opened: Oct 07, 2024 Severity: 3-Major
ICMP echo request(s) sent through virtual may be dropped and ICMP destination admin prohibited response to ICMP echo response on server side of the flow.
This may cause misreporting for tools that use ICMP such as ping and traceroute.
-- A virtual server is configured with a security policy that performs NAT translation -- The virtual server is configured to forward ICMP (e.g., network forwarding virtual). -- Multiple ICMP echo requests are sent using the same ICMP ID.
Create an ICMP specific virtual that does not use security policy. If address translation is required, SNAT can be configured on the virtual server. For traceroute that support the -N / --sim-queries, this can be set to 1.
None