Bug ID 429985: ICMP flood vector (and other ICMP vector) attacks are not detected when virtual server is configured in Forwarding mode

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.4.1 HF2, 11.4.0 HF4

Opened: Sep 06, 2013

Severity: 3-Major

Related Article: K11214571


ICMP flood and other ICMP DoS attacks are not detected/mitigated for ICMP traffic that matches a forwarding virtual server (set to All protocols).


ICMP flood (and some other ICMP attack) may not be detected by AFM DoS when virtual server is configured in forwarding mode and protocols is set to 'All Protocols' on the virtual server. This may result in bad traffic being undetected/mitigated as configured by user for corresponding ICMP DoS vectors in AFM


ICMP traffic matches virtual server that is configured in forwarding mode and has protocol set to 'All Protocols'


This issue has no workaround at this time.

Fix Information

ICMP Flood Attack will now be detected by BIG-IP operating in firewall (AFM) mode for a Forwarding Virtual Server with protocol = 'All Protocols'.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips