Bug ID 456107: If an AFM rule action (at the global or route-domain context) is Drop/Reject, LTM overrides this action for ephemeral connections (such as the FTP data channel) without any visibility.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
11.6.2 HF1

Fixed In:
11.6.0, 11.5.1 HF4

Opened: Apr 08, 2014

Severity: 3-Major

Related Article: K16677

Symptoms

If an AFM rule action (at the global or route-domain context) is Drop/Reject, LTM overrides this action for ephemeral connections (such as the FTP data channel) without any visibility.

Impact

If an AFM rule at the global or route-domain context has the action Drop or Reject, LTM overrides it for ephemeral connections (such as FTP data connections, which are set up on demand after being negotiated on the FTP control channel) and allows the connection through. If the matching AFM rule has logging enabled, the log entry records the flow as dropped (or rejected) even though it was actually allowed. The log therefore cannot be taken as evidence that the rule was enforced for these flows; the connection table is the only reliable indicator of whether the ephemeral flow was established.
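The mismatch described above can be checked from the device's own data: an ACL log entry that reports Drop or Reject for a 4-tuple that is nevertheless present in the connection table is a flow LTM let through. The following Python script is an added example written for this page, not F5 code. The AFM log lines and the connection-table excerpt are constructed for the example, modelled on AFM's key="value" ACL_match log format and on "tmsh show sys connection" output; the field names, layout, IP addresses, policy and rule names are all assumed.

```python
"""Correlate AFM ACL Drop/Reject log entries with the BIG-IP connection table
to find ephemeral flows (e.g. FTP data channels) that were logged as dropped
but are actually established (the behaviour tracked as Bug ID 456107).

Added example, not F5 code. Log and connection-table formats below are
assumed; adapt the regexes to the exact output of your version."""
import re

DROP_ACTIONS = {"Drop", "Reject"}

# Constructed AFM ACL log lines (format and field names assumed).
SAMPLE_AFM_LOG = """\
Oct 10 12:00:01 bigip1 tmm[1234]: 23003137 "ACL_match",acl_policy_type="Route Domain",acl_policy_name="/Common/rd0-policy",acl_rule_name="/Common/allow-ftp-control",action="Accept",src_ip="10.1.1.50",src_port="45322",dest_ip="10.2.2.20",dest_port="21",protocol="TCP",route_domain="0"
Oct 10 12:00:02 bigip1 tmm[1234]: 23003137 "ACL_match",acl_policy_type="Route Domain",acl_policy_name="/Common/rd0-policy",acl_rule_name="/Common/deny-all",action="Drop",src_ip="10.2.2.20",src_port="20",dest_ip="10.1.1.50",dest_port="45400",protocol="TCP",route_domain="0"
Oct 10 12:00:03 bigip1 tmm[1234]: 23003137 "ACL_match",acl_policy_type="Route Domain",acl_policy_name="/Common/rd0-policy",acl_rule_name="/Common/deny-all",action="Drop",src_ip="10.1.1.50",src_port="45500",dest_ip="10.2.2.20",dest_port="23",protocol="TCP",route_domain="0"
"""

# Constructed connection-table excerpt, modelled on "tmsh show sys connection"
# (client-side 4-tuple first, then server-side 4-tuple). Layout assumed.
SAMPLE_CONN_TABLE = """\
Sys::Connections
10.1.1.50:45322  10.2.2.20:21  10.1.1.50:45322  10.2.2.20:21  tcp  5  (tmm: 0)  none  none
10.2.2.20:20  10.1.1.50:45400  10.2.2.20:20  10.1.1.50:45400  tcp  2  (tmm: 1)  none  none
Total records returned: 2
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')
CONN_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)')


def parse_afm_log(text):
    """Return one dict per ACL_match line, keyed by the log's own field names."""
    entries = []
    for line in text.splitlines():
        if '"ACL_match"' not in line:
            continue
        fields = dict(KV_RE.findall(line))
        if "action" in fields:
            entries.append(fields)
    return entries


def parse_connection_table(text):
    """Return the set of client-side (src_ip, src_port, dst_ip, dst_port) tuples."""
    flows = set()
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            flows.add(m.groups())
    return flows


def flow_of(entry):
    return (entry["src_ip"], entry["src_port"], entry["dest_ip"], entry["dest_port"])


def looks_like_ftp_data(entry, flows):
    """Heuristic for an ephemeral FTP data channel: active-mode source port 20,
    or a flow between two hosts that also hold an FTP control (port 21)
    connection in the table."""
    if entry["src_port"] == "20":
        return True
    hosts = {entry["src_ip"], entry["dest_ip"]}
    return any({f[0], f[2]} == hosts and f[3] == "21" for f in flows)


def find_overridden_drops(log_text, conn_text):
    """Drop/Reject log entries whose 4-tuple is live in the connection table:
    the log says dropped, but LTM let the flow through."""
    flows = parse_connection_table(conn_text)
    findings = []
    for entry in parse_afm_log(log_text):
        if entry["action"] in DROP_ACTIONS and flow_of(entry) in flows:
            finding = dict(entry)
            finding["ftp_data_like"] = looks_like_ftp_data(entry, flows)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_overridden_drops(SAMPLE_AFM_LOG, SAMPLE_CONN_TABLE):
        print(f'{f["acl_rule_name"]} logged {f["action"]} for '
              f'{f["src_ip"]}:{f["src_port"]} -> {f["dest_ip"]}:{f["dest_port"]} '
              f'but the flow is established (ftp_data_like={f["ftp_data_like"]})')
```

On the constructed input only the active-mode FTP data flow (server port 20 to client port 45400) is reported: it was logged as Drop by the deny-all rule yet appears in the connection table. The telnet attempt logged as Drop is absent from the table and is not reported, which is the normal, trustworthy case. A connection-table snapshot is only meaningful if taken while the flows are still alive, so run the correlation against a dump captured close to the log window.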

Conditions

There are rules with action Drop/Reject and logging enabled (at either the global or route-domain context) that match ephemeral connections (flows) such as FTP data traffic.

Workaround

None

Fix Information

AFM rule-matching actions are now consistent with logging for ephemeral connections: a connection that is allowed is no longer logged in a manner that makes it appear to have been dropped (or rejected).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips