Randomized Ports

We are using 3600 and 8900s running 10.1 HF2. We SNAT to an Server VLAN IP on a VS by VS basis. Basically, if a VS is a Prod or DEV VS it will be in the same FE VS range, but the SNAT for each would be different being that the BE devices are on different networks. Each FE VS has its own corresponding unique SNAT just like its listening IP.

 

 

We found this issue primarily on our Windows boxes using sniffers and the NMAP command. What we would see, is from the SNAT address a number or requests preserving the client ports. Using NMAP, we would see the number of open ports on the server. Occasionally, under load, we would see a request coming in to the server but no ack. Using NMAP, we would see that that paticular port would already be considered open and the server would ignore the traffic and the user would receive a "page cannot be displayed" or "404". F5 support had us turn of preserver ports and the problem went away.

 

 

What I am looking for, is some other way to address this problem that would allow me to turn that function back on.