Bug ID 719600: TCP::collect iRule with L7 policy present may result in connection reset

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1, 14.0.0,,

Fixed In:

Opened: May 10, 2018

Severity: 3-Major


If an iRule utilizing TCP::collect and HTTP_REQUEST is on a virtual server with an L7 policy, the policy engine may cause the connection to be unexpectedly reset with a 'policy execution error' reset cause, and 'Unable to resume pending policy event on connflow' will be logged to /var/log/ltm.


Connections may be unexpectedly reset and errors logged to /var/log/ltm.


TCP::collect and HTTP_REQUEST iRule with L7 policy on virtual server.


At the start of the HTTP_REQUEST event, issue an 'after 1' command to allow the policy engine to reach a consistent state before proceeding with the remainder of the iRule.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips