Bug ID 964989: AFM DOS half-open does not handle wildcard virtual servers properly.

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3, 16.0.0,, 16.0.1,

Opened: Nov 16, 2020
Severity: 2-Critical


AFM DOS half-open vector does not handle wildcard virtual servers properly.


- Wrong statistics reporting. - Wrong status of syncookie protection. - Unexpected traffic drops.


-- Wildcard virtual-server. -- AFM DOS half-open vector configured. -- Attacks towards multiple destinations covered by a single virtual-server.


Split wildcard virtual server into a series of /32 virtual servers.

Fix Information


Behavior Change