Bug ID 624679: Managed devices was marked unavailable intermittently

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IQ Platform(all modules)

Known Affected Versions:
5.0.0, 5.0.0 HF1, 5.1.0

Opened: Oct 25, 2016

Severity: 2-Critical


Firewall rules intended to restrict access to an ant daemon running on the system might incorrectly interfere with managed device traffic generated by the BIG-IQ system on port 54321.


This may result in managed device being incorrectly marked unavailable.


BIG-IQ connection to managed devices with source port "54321".


As a workaround, add these iptables commands to the '/config/startup' script, and reboot the BIG-IQ system (or manually run these commands once). These commands modify the firewall rule to prevent interference with managed device traffic: /sbin/iptables -D INPUT -p tcp --dport 54321 -j REJECT --reject-with icmp-port-unreachable /sbin/iptables -D INPUT -p tcp -m tcp --dport 54321 --tcp-flags ACK,SYN SYN -j REJECT --reject-with tcp-reset /sbin/iptables -A INPUT -p tcp -m tcp --dport 54321 --tcp-flags ACK,SYN SYN -j REJECT --reject-with tcp-reset

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips