Bug ID 584921: Inbound connections fail to keep port block alive

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP CGN(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2

Fixed In:
13.0.0, 12.1.1

Opened: Apr 01, 2016
Severity: 2-Critical


Connections that use a PBA port block should keep the port block from expiring. However inbound connections to a client using a port block will fail to refresh the block, causing the block to expire pre-maturely. An inbound connection can remain active while the port block has been deleted.


When reverse mapping an inbound connection to a subscriber (e.g. trying to find who was using an ip address/port at a particular time), customers may find no corresponding port block, or a port block belonging to another client when the reverse map is performed at a time when the connection is closed.


An inbound connection with no outbound connections fails to keep a port block alive, resulting in an inbound connection to a client without a corresponding port block.


When performing a reverse map, customers should use the start time of a connection to determine which port block was in use.

Fix Information

Inbound connections properly refresh the port block, preventing premature expiration of the port block.

Behavior Change