Bug ID 588337

Bug Tracker
ID 588337

Bug ID 588337: ICMPv6 Echo Reply may be dropped by AFM even if it has an existing connflow.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.1

Opened: Apr 19, 2016

Severity: 3-Major

Symptoms

If you have an AFM rule to drop all icmpv6 messages, an ICMPv6 reply which matches an existing connflow on the BIG-IP system should NOT be dropped. However, it sometimes still gets dropped in a CMP-enabled platform.

Impact

AFM might drop the ICMPv6 Echo Reply even if it has an existing connflow.

Conditions

This occurs when the following conditions are met. 1. ICMPv6 traffic. 2. AFM rule to drop icmpv6 packets. 3. CMP involved.

Workaround

Do not configure an AFM rule to drop icmpv6 reply.

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips