Bug ID 734645: AFM TCP Half Open vector might show mitigation when that is not happening

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP None(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,

Fixed In:

Opened: Jul 13, 2018
Severity: 3-Major


In AFM, it is possible that the device-level TCP Half Open vector will show int_drops when actually LTM per-vlan syncookie is mitigating the attack.


Stats could be misleading.


When AFM is enabled and LTM per-vlan syncookie is doing HW syncookies.


You can turn off the AFM TCP half Open vector.

Fix Information

Now, we will only show the TCP half Open stats when we are actually mitigating through TCP half Open vector.

Behavior Change