Since the F5 LTM is a default deny device, my understanding is that the deny action is a "drop" action. Can this behaviour be changed to make the default deny action a "Reset" action?
In reading on LTM global settings, the traffic-controlreject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched
In reading on LTM global settings, the traffic-controlreject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched
