For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Jun 23, 2014

Usecase for Reject Virtual server?

Hello Folks,   Can someone please help me in which case shall we use Reject VS?   In most of the implementation, BIG-IP deployed behind a permitter firewall. If Firewall receives any uninvited...
reject vs
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jun 24, 2014

If I may add, the LTM is a default deny device. You don't need an all-inclusive filter rule applied to say "reject if not matching an allowed IP", because that already exists in the absence of anything at all. If you don't actively create a listener - a virtual server or NAT - then the LTM won't respond to any requests. The TM.RejectUnmatched option is interesting in that it allows you to choose how packets are rejected. Set to true and LTM sends a RST. Set to false and LTM drops the request packet. In either case the request is denied.