Bug ID 734645: AFM TCP Half Open vector might show mitigation when that is not happening

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,

Fixed In:

Opened: Jul 13, 2018

Severity: 3-Major


In AFM, it is possible that the device-level TCP Half Open vector will show int_drops when actually LTM per-vlan syncookie is mitigating the attack.


Stats could be misleading.


When AFM is enabled and LTM per-vlan syncookie is doing HW syncookies.


You can turn off the AFM TCP half Open vector.

Fix Information

Now, we will only show the TCP half Open stats when we are actually mitigating through TCP half Open vector.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips