Bug ID 567660: Disabling global Auto Last Hop setting breaks APM's Remote Desktop Gateway (RDG) feature

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1

Opened: Jan 14, 2016

Severity: 3-Major


Existing TCP connection is being sporadically disrupted by the BIG-IP virtual server sending out a SYN, ACK, causing existing connection to fail. The client and virtual server set up a good TCP connection, complete the SSL handshake, and start to pass application data. APM virtual server then sends SYN, ACK with sequence and ACK numbers that do not match the existing stream. The APM then tries three SYN-ACKs before giving up and sending out a RST-ACK, which drops the connection attempt, but as it shares the same ip:port number as the existing connection, resets the good connection.


APM RDG feature does not work


Auto Last Hop setting is disabled.


You can use either of the following workarounds: -- Enable Auto Last Hop. -- Set cmp_enabled to 'NO' on the virtual server.

Fix Information

APM RDG feature now works as expected when Auto Last Hop is disabled.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips