Bug ID 429985: ICMP flood vector (and other ICMP vector) attacks are not detected when virtual server is configured in Forwarding mode

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.4.1 HF2, 11.4.0 HF4

Opened: Sep 06, 2013
Severity: 3-Major
Related AskF5 Article:


ICMP flood and other ICMP DoS attacks are not detected/mitigated for ICMP traffic that matches a forwarding virtual server (set to All protocols).


ICMP flood (and some other ICMP attack) may not be detected by AFM DoS when virtual server is configured in forwarding mode and protocols is set to 'All Protocols' on the virtual server. This may result in bad traffic being undetected/mitigated as configured by user for corresponding ICMP DoS vectors in AFM


ICMP traffic matches virtual server that is configured in forwarding mode and has protocol set to 'All Protocols'


This issue has no workaround at this time.

Fix Information

ICMP Flood Attack will now be detected by BIG-IP operating in firewall (AFM) mode for a Forwarding Virtual Server with protocol = 'All Protocols'.

Behavior Change