Last Modified: Sep 10, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
17.5.0, 17.5.1
Opened: Jul 09, 2025
Severity: 3-Major
-- When VLANs are configured in the network-whitelist, TCP traffic is properly bypassed and DOS attack alarms are not triggered.
-- DNS traffic, despite being sent from whitelisted VLANs, still triggers DOS attack alarms.
Despite being whitelisted, DNS queries (e.g., high-volume traffic) trigger DOS detection and mitigation due to improper whitelist logic handling. DNS resolution is disrupted.
-- VLANs assigned to the network-whitelist.
-- Virtual wire mode (vWire) configured with the configured VLAN tags.
-- Behavioral Analysis (BA) is enabled alongside DNS A Query and DNS AAAA Query attack vectors.
None
None