Last Modified: Feb 15, 2022
Affected Product:
See more info
BIG-IP TMOS
Opened: Oct 27, 2017
Severity: 3-Major
When global auto last hop is disabled, for iSeries platforms (excluding i2xxx/i4xxx) and B4450 blades, hardware syncookie mode is used on SYN attack.
The virtual server can enter hardware syncookie mode, at which point responses will be routed using the incoming packet route. This can break configurations that are using asymmetric routing.
Global autohop is disabled. This setting is controlled by the following DB variable: # tmsh list sys db connection.autolasthop sys db connection.autolasthop { value "enable" } The default setting is enable.
Disable hardware syncookies using the following DB variable: # tmsh list sys db pvasyncookies.enabled sys db pvasyncookies.enabled { value "true" } The default setting is true.
None