TCP Traffic Path Diagram

Thanks @Marta. I've shown the connection table check (for non-SYN packets). Unless a connection has shut down uncleanly I believe this is the expected behaviour. Note this is for a standard VS. I'm not entirely clear where SNAT/NAT is concerned, I'll look it up and get back to you. I'm not clear where you'd like me to add the Self IPs - could you elaborate please?

Hi, thank you for replying :) When a packet is process on the BIG-IP, the secuence is: 1) Check connections in Connection Table 2) Packet Filter 3) Virtual server (following order on SOL14800) -> If VS with SNAT (process stops here). Otherwise it goes to Global SNAT. 4) SNAT 5) NAT 6) SELFIP 7) DROP So, in your diagram the "packet filter" is process ahead the "Connection table" (what will only happen with AFM in Firewall mode)... Maybe that´s what you want to show with your diagram.. Is it?

Hey Marta. My understanding is that the packet filtering comes first. It's not an F5 document but see here: https://devcentral.f5.com/d/big-ip-v9-flow-path. However, I have seen documentation (not official) stating it's the way round that you suggest. Not sure how to confirm? I think this confusion is due to the 'Filter established connections' option for a packet filter. I shall investigate further. OK, this seems to confirm what you have asserted Marta: https://support.f5.com/kb/en-us/solutions/public/12000/800/sol12831.html. I'll update the diagram shortly. DONE. Let me know if I've missed anything else?