Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3
12.0.0, 12.0.0, 11.6.0 HF4, 11.5.1 HF6, 11.5.0 HF1, 11.4.1 HF2, 11.4.0 HF4
Opened: Sep 05, 2013
Related Article: K17576
When AFM is operating in Default Deny mode, traffic that does not match a Virtual or Self IP is dropped/rejected silently without any counter increment or logging (if global default drop logging is enabled).
While there is no impact on the traffic that does not match virtual or Self IP (and is correctly being dropped), the issue is not updating any counters or logging (if enabled).
VIP/SelfIP Default Action is set to Drop/Reject. Global Default Action is set to Drop and global rule logging is enabled. Traffic does not match any virtual or selfip.
This issue has no workaround at this time.
When operating in firewall (AFM) mode i.e. default deny, the BIG-IP system will now count and log (if enabled) any traffic that does not match a Virtual or Self IP and is being dropped/rejected.