Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP CGN
Known Affected Versions:
12.1.0
Fixed In:
13.0.0, 12.1.1
Opened: Apr 01, 2016 Severity: 2-Critical
Connections that use a PBA port block should keep the port block from expiring. However inbound connections to a client using a port block will fail to refresh the block, causing the block to expire pre-maturely. An inbound connection can remain active while the port block has been deleted.
When reverse mapping an inbound connection to a subscriber (e.g. trying to find who was using an ip address/port at a particular time), customers may find no corresponding port block, or a port block belonging to another client when the reverse map is performed at a time when the connection is closed.
An inbound connection with no outbound connections fails to keep a port block alive, resulting in an inbound connection to a client without a corresponding port block.
When performing a reverse map, customers should use the start time of a connection to determine which port block was in use.
Inbound connections properly refresh the port block, preventing premature expiration of the port block.