16-Feb-2021 12:19
Hi;
Since the F5 LTM is a default deny device, my understanding is that the deny action is a "drop" action. Can this behaviour be changed to make the default deny action a "Reset" action?
Kindly
Wasfi
Solved! Go to Solution.
17-Feb-2021 16:15
Hi, Wasfi,
In reading on LTM global settings, the traffic-control reject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched
17-Feb-2021 16:15
Hi, Wasfi,
In reading on LTM global settings, the traffic-control reject-unmatched setting is what controls this behavior. When enabled, which is the default, the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the system match the destination address of the incoming packet. When this option is disabled, the system silently drops the unmatched packet. You can list this setting from the TMOS Shell (TMSH) as follows:
(tmos)# list /ltm global-settings traffic-control reject-unmatched
17-Feb-2021 16:42
Thank you Crodriguez.