Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4
Opened: May 18, 2020 Severity: 2-Critical
When whitelisting traffic from an external IP address that is targeting a virtual IP address on an internal VLAN, if you specify the source IP address from the external VLAN, once the traffic has been processed on the internal VLAN, the whitelist no longer applies.
Hardware offload on the TCP Push Flood vector causes goodput to drop.
This occurs when configuring whitelists.
To have the traffic from that external VLAN processed, all traffic on the internal VLAN must either be added as a second whitelist or the external VLAN must be wildcarded to not specify the external VLAN.
None