For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent
Jun 12, 2015

I assume that what you posted proves that asymmetrical routing could be used and it will work - Am I right?

 

yes

 

Is it not kind of security hole?

 

yes, you can say that.

 

is there any documentation I can read about ID461582 [Network Firewall] AFM behavioral change for ACL rule match and/or IP intelligence lookup for TCP flows?

 

i do not see it.

 

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jun 12, 2015
I probably will as this is very importnat aspect of the project. Anyway I found something like that in 11.6.0 Release notes: 461582AFM previously matched firewall and IP Intelligence rules against the first TCP packet of a new flow, even if that packet would later be dropped by LTM,for example a FIN or RST packet. AFM no longer matches these packets, and LTM continues to drop them. Is that the same subject but expressed using different sentence? Piotr