F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Jan 11, 2018

AFM Drops drop_reason="Connection Flow Miss"

Hi

We have AFM logs going to a SIEM and they are generating thousands per hour drops for the reason drop_reason="Connection Flow Miss". Google yielded not much so didn't know if anyone has seen this and what might be causing it. I understand it maybe down to seeing a non-SYN or not matching TCP packet but there's just so many.

It seems to be mostly from Server-to-F5 FloatIP communication

Regards

Stuart

1 Reply

Jinshu
Cirrus
Jan 11, 2018
Hi mate,

Packets that were dropped because of a flow table miss. A flow table miss occurs when a TCP non-SYN packet does not match an existing flow.

You can disable this logging to SIEM if you would like to.

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-6-0/13.html

Hope this helps.

-Jinshu

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5