Bug ID 457035: Packet that does not match any rule configured for a firewall is dropped.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Fixed In:
11.5.0

Opened: Apr 14, 2014
Severity: 4-Minor

Symptoms

The outcome for a packet that does not match any rule on any context on the firewall is a global Drop rule.

Impact

Packet is dropped.

Conditions

Packet that does not match any rule configured for a firewall.

Workaround

None.

Fix Information

In previous releases, the outcome for a packet that did not match any rule on any context on the firewall was a global Drop rule. Now, such a packet, that does not match any rule on any context is Rejected. The operative difference is that the Drop rule is silent, while the Reject rule sends an appropriate reject response, for example RST for the TCP protocol.

Behavior Change