For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Feb 06, 2014

Forwarding TCP RST on VS with loose-init?

OK. I think there's a change between 11.2.1 and 11.4.1 on forwarding of tcp resets for connections NOT in the connection table across a network VS...   Unfortunately, I don't have an 11.2.1 box ha...
microsoft
TMOS
nitass's avatar
nitass
Icon for Employee rankEmployee
Feb 06, 2014

i do not have 11.2.1 and 11.4.1 but it seems it (reset) is forwarded in 10.2.4 but 11.5.0.

this is 10.2.4.

root@ve10(Active)(tmos) show sys version|grep -A 6 Main\ Package
Main Package
  Product  BIG-IP
  Version  10.2.4
  Build    817.0
  Edition  Hotfix HF7
  Date     Mon May 20 15:08:56 PDT 2013

root@ve10(Active)(tmos) list ltm virtual fwd
ltm virtual fwd {
    destination any:any
    ip-forward
    mask any
    profiles {
        fastl4_loose-init { }
    }
    snat automap
    translate-address disabled
    translate-port disabled
}
root@ve10(Active)(tmos) list ltm profile fastl4 fastl4_loose-init
ltm profile fastl4 fastl4_loose-init {
    loose-initialization enabled
    reset-on-timeout disabled
}

root@ve10(Active)(tmos) show sys connection cs-server-port 80
Sys::Connections
Total records returned: 0

[root@ve10:Active] config  tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:03:59.752471 IP 200.200.200.101.1579 > 172.28.24.1.80: R 903943335:903943335(0) win 512 in slot1/tmm0 lis=
23:03:59.752550 IP 172.28.24.15.1579 > 172.28.24.1.80: R 903943335:903943335(0) win 512 out slot1/tmm0 lis=fwd