Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.1.2
Opened: Feb 22, 2018 Severity: 4-Minor
The 'SYN Challenge Handling' setting of a TCP profile can be reverted to defaults when a TCP profile is updated using the BIG-IP management GUI.
Loss of TCP profile syn challenge configuration settings
The SYN Challenge Handling settings of a TCP profile have previously been set to non-default values, and a configuration change is later made to the same TCP profile using the GUI.
In the GUI, specifically set the SYN Challenge Handling fields after making an update to other TCP profile fields, or use tmsh to make the changes instead SYN Challenge GUI Setting: Nominal TMSH: syn-cookie-enable enabled syn-cookie-whitelist disabled GUI Setting: Challenge and Remember TMSH: syn-cookie-enable enabled syn-cookie-whitelist enabled GUI Setting: Disable Challenges: syn-cookie-enable disabled syn-cookie-whitelist disabled
Now syn challenge handling setting isn't overwritten when tcp profile is updated