Last Modified: Aug 05, 2025
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.2.2
Opened: Jul 31, 2025 Severity: 3-Major
After upgrading BIG-IP from version 16.1.5.2 to 17.1.2.2, the DoS vector threshold mode for tcp-syn-flood unexpectedly changes from "fully automatic" to "manual."
-- GUI inaccessibility, BIG-IP is in offline state.
-- The system does not use the intended DoS protection settings. This can lead to service disruption, as the device may not load the required configuration.
Enable a vector (e.g., tcp-syn-flood) in v16.1.5.2 with threshold mode set to fully automatic, threshold set to infinite, and bad actor enabled, then upgrade to v17.1.2.2.
-- Device is running BIG-IP version 16.1.5.2 (or a similar 16.x version) prior to upgrade.
-- The tcp-syn-flood DoS vector is configured with threshold-mode set to fully-automatic.
-- Additional vector settings include:
   detection-threshold-pps is set to infinite.
   bad-actor is enabled.
   per-source-ip-detection-pps is set to 9000.
   per-source-ip-limit-pps is set to 100000.
-- The device is upgraded from version 16.1.5.2 to 17.1.2.2.
Manually revert the threshold mode to fully-automatic.
tmsh load sys config
None
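Added example, not part of the F5 bug record: a check that compares the tcp-syn-flood vector settings saved before and after the upgrade and reports any drift, such as the threshold-mode change described above. The enclosing stanza name, the brace layout of the samples, and the "enabled" value spelling are assumptions; only the key names and values listed under the conditions come from this page.

```python
# Constructed samples in a tmsh-style brace layout. "example-dos-config" is a
# placeholder stanza name; the vector keys and values are those in the report.
PRE_UPGRADE = """
example-dos-config {
    tcp-syn-flood {
        bad-actor enabled
        detection-threshold-pps infinite
        per-source-ip-detection-pps 9000
        per-source-ip-limit-pps 100000
        threshold-mode fully-automatic
    }
}
"""
POST_UPGRADE = PRE_UPGRADE.replace("threshold-mode fully-automatic",
                                   "threshold-mode manual")


def vector_settings(conf_text, vector):
    """Return key/value pairs directly inside the first `vector { ... }` block."""
    settings, depth, inside_at = {}, 0, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            # Remember the depth at which the wanted vector block opens.
            if inside_at is None and line[:-1].strip() == vector:
                inside_at = depth
        elif line == "}":
            if inside_at == depth:
                return settings  # closing brace of the vector block
            depth -= 1
        elif inside_at == depth:
            # Only lines at the block's own depth; nested blocks are skipped.
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings  # vector missing or block unterminated


def upgrade_drift(before, after, vector="tcp-syn-flood"):
    """Map each changed key to (pre-upgrade value, post-upgrade value)."""
    old, new = vector_settings(before, vector), vector_settings(after, vector)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}


if __name__ == "__main__":
    print(upgrade_drift(PRE_UPGRADE, POST_UPGRADE))
```

A non-empty result after the upgrade identifies which settings need to be restored before relying on the vector.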