AFM Drops drop_reason="Connection Flow Miss"

Question

Hi&nbsp;
We have AFM logs going to a SIEM and they are generating thousands per hour drops for the reason drop_reason="Connection Flow Miss". Google yielded not much so didn't know if anyone has seen this and what might be causing it. I understand it maybe down to seeing a non-SYN or not matching TCP packet but there's just so many.&nbsp;
It seems to be mostly from Server-to-F5 FloatIP communication&nbsp;
Regards&nbsp;
Stuart&nbsp;

jinshu · Answer

Hi mate,&nbsp;
Packets that were dropped because of a flow table miss. A flow table miss occurs when a TCP non-SYN packet does not match an existing flow.&nbsp;
You can disable this logging to SIEM if you would like to.&nbsp;
https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-6-0/13.html&nbsp;
Hope this helps.&nbsp;
-Jinshu&nbsp;

Forum Discussion

AFM Drops drop_reason="Connection Flow Miss"

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Issue on connection limit

Wireshark Plugin for TLS

F5 Distributed Cloud Services Simulator Connect

F5 CIS -> NGINX Plus Ingress Controller Integration

Catch Dynamic CRL Errors and Return Friendly Page

Related Content

Scanning for CVE-2017-9841 Drops Precipitously

Missing TABs in "Application Security" BIG-IP 17.1.1.3 - BIG-IP 15.1.7

Drop reason counters.rx_portd_rdisc

What it meen status "missed" for interface 1.1?

ISAKMP packets dropped

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS