Forum Discussion
Wasfi_Bounni
Cirrocumulus
CirrocumulusCan the default deny action be changed from drop to reset
Hi; Since the F5 LTM is a default deny device, my understanding is that the deny action is a "drop" action. Can this behaviour be changed to make the default deny action a "Reset" action? ...
Hi, Wasfi,
In reading on LTM global settings, the traffic-control reject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched
Hi, Wasfi,
In reading on LTM global settings, the traffic-control reject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched