Forum Discussion

Nimbostratus

Oct 15, 2010

ICMP/TCP Deny on Pool Down

I know this topic was discussed some time ago but i have not yet seen any solid answers, and am wondering if it made it to a feature request. I want to be able to automatically deny the tcp ...

Nimbostratus

Aug 31, 2011

yep I have done that on my GSS, tcp probing answers configured as VIPs on the ports the VIP is listening on at the F5, in this case port 80. The thing I don't understand is the event here is CLIENT_ACCEPTED, doesn't that imply the F5 has to complete the 3 way handshake before the irule is evaluated? I do see when I telnet to the vip with the irules I mentioned above the connection is dropped right away, but that is after the initial handshake completes thus it's too late for the GSS to know better, it has already considered the keepalive passing. I have also tried reset and graceful on the GSS termination method, no dice.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ICMP/TCP Deny on Pool Down

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Deny access to F5 management from specific addresses

ICMP packets on a TCP monitor

SSL Offloading and Backend pool https

Clone Pool Across L3

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS