For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

thistuffjuice_3's avatar
thistuffjuice_3
Icon for Altostratus rankAltostratus
Aug 31, 2017

LTM Packet Filters Health Monitor Probes

Reading up on F5 LTM Packet-Filter's and rules, I believe that this is initially processed in order of inbound traffic before processing the traffic any further.   Assuming that the following conf...
application delivery
BIG-IP
LTM
security
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Aug 31, 2017

By default the packet rules accept all traffic. They also accept all traffic that matches an existing connection. So unless you explicitly configure a rule to deny, it will be allowed. You can view existing connections via the connection table using standard tmsh commands (tmsh show sys conn) but be aware that this can take a while to run on a busy box, and cancelling it can cause tmm to core.

 

As such we really don't normally maintain a table for packet filters. You should not need to explicitly allow ICMP Echo response, but if you think your packet filters are catching your responses, you can try setting Allow Important ICMP and see if the observed behavior changes.