Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP CGN
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1
Fixed In:
11.4.1 HF4, 11.4.0 HF6
Opened: Oct 23, 2013 Severity: 2-Critical Related Article:
K15750
In 11.4.0, HSL does not log long living connections. Instead, "LSN_ADD" and "LSN_DELETE" are logged where long living connections should be logged. However, "LSN_ADD" and "LSN_DELETE" can't replace long living connection as they're logged on the same second and doesn't provide duration of the connection. Deterministic NAT log entries for long live connections after configuration changes for Splunk/Syslog can not be used for reverse mapping.
Reverse mapping for connections around the time of configuration changes that impacted deterministic NAT reverse mapping could be incorrect.
Using deterministic NAT with log publish logging to Splunk or Syslog format utilizing the HSL mechanism, the log entries will show LSN_ADD/LSN_DELETE, these entries are not usable for reverse mapping translations.
Use LTM log if changes needs to be made to LSN Pool that affects translation.
LSN pool will now correctly log long-live connections usable by dnatutil.