AFM Drops drop_reason="Connection Flow Miss"

Question

Hi&nbsp;
We have AFM logs going to a SIEM and they are generating thousands per hour drops for the reason drop_reason="Connection Flow Miss". Google yielded not much so didn't know if anyone has seen this and what might be causing it. I understand it maybe down to seeing a non-SYN or not matching TCP packet but there's just so many.&nbsp;
It seems to be mostly from Server-to-F5 FloatIP communication&nbsp;
Regards&nbsp;
Stuart&nbsp;

jinshu · Answer

Hi mate,&nbsp;
Packets that were dropped because of a flow table miss. A flow table miss occurs when a TCP non-SYN packet does not match an existing flow.&nbsp;
You can disable this logging to SIEM if you would like to.&nbsp;
https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-6-0/13.html&nbsp;
Hope this helps.&nbsp;
-Jinshu&nbsp;

Forum Discussion

AFM Drops drop_reason="Connection Flow Miss"

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

can you help with getting a BigIP virtual edition serial key

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

TSA Drops Shoes, IoT and Roundup

Scanning for CVE-2017-9841 Drops Precipitously

What it meen status "missed" for interface 1.1?

Drop reason counters.rx_portd_rdisc

Missing TABs in "Application Security" BIG-IP 17.1.1.3 - BIG-IP 15.1.7

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS