Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Feb 10, 2015 Severity: 3-Major
PerVS AFM DoS sPVA whitelist is whitelisted at the global level also in the HW. In SW we don't do this.
HW DoS at the global level might not kick in for packets from IP Addresses which are on the virtual's whitelist.
AFM DoS sPVA with a virtual which has a src IP whitelist configured. Now, if packets come in from this src IP address they will not be counted towards global DoS in HW since they are considered whitelisted there too. SW will do global DoS on them.
No real workaround for the behavior - except to not configure a whitelist at the virtual level.
Device DoS in hardware and software currently ignores DoS whitelists defined at the virtual server level.