Bug ID 699284: ICMP drop logs sometimes has wrong logging field values

Last Modified: Apr 11, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.2, 12.1.3,,,,,,,, 12.1.4

Fixed In:

Opened: Dec 18, 2017

Severity: 3-Major


With ACL policy configured to allow a restricted set of traffic (say TCP packets) but disallowing ICMP, the client ICMP messages are being rightfully dropped. But the drops with ACL logging enabled, shows up wrong values. The values sometimes show up as TCP packet being dropped, instead of ICMP.


Functionally, the ACL dropping behavior is correct. But with logging fields being displayed wrong, it appears as if a packet which was not supposed to be dropped is being wrongly rejected. No functional impact, the problem is only with logging information being wrong.


ICMP packet is configured to be dropped through ACL Rule policy, with logging enable on ACL Rule, the logs generated has wrong values. Sometimes, the field values for ICMP are totally wrong, and it could show up as a TCP connection being dropped (especially, when the most recent request was a TCP connection).



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips