Bug ID 530795: In FastL4 TCP virtual servers, ICMP might send wrong SEQ number/ACK number.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1, 11.5.3 HF2

Opened: Jun 30, 2015

Severity: 3-Major

Related Article: K90505290

Symptoms

The BIG-IP system may send ICMP messages that contain an incorrect tcp seq ack number in the embedded msg body.

Impact

The TCP connflow might be aborted if an ICMP message (such as More fragment) is received.

Conditions

FastL4 TCP virtual servers. Syncookie mode.

Workaround

None.

Fix Information

The BIG-IP system sends correct SEQ and ACK number in ICMP messages.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips