Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

JamesCrk's avatar
JamesCrk
Icon for Cirrus rankCirrus
Oct 10, 2023

Stateless routing

HI all, as per K7595 we created a route forwader with loose initation and loose close enabled, however we still have traffic hitting this route forwarder get dropped as out of state every month or so...
security
Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Oct 10, 2023

Hi JamesCrk , 

Have you added the correct routes on bigip ip , for instance ( Static routes ). 

Creating forward virtual server will help to make bigip process traffic that destinated to the Forwarder Virtual server ip , but you need to adjust the routes of bigip itself. 

another thing : 
take a packet capture in both directions ( Client/server ) to see if bigip send/receive traffic on both sides or not.

JamesCrk's avatar
JamesCrk
Icon for Cirrus rankCirrus
Oct 10, 2023

Hi, the routing works fine, its only when the tcp gets out of state for some reason the F5 starts rejecting it, we just want to allow that through regardless of state

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Oct 11, 2023

    Hi JamesCrk , 
    I believe you can retrieve your dropped connections by deleting it's entry from Connection table , no need to create the forwarder VS again. 
    use this article to delete it : https://my.f5.com/manage/s/article/K53851362

    If your connections are continous and not reach to idle timeout and there is a glitch in your network , sure this is may cause an impact for these connections and deleting them from connection table will solve it. 

    I faced an issue like this before similar to your scenario