Forum Discussion
Kevin_Stewart
Employee
At the very least, you have a VIP with the correct IP, but wrong port. That's what is causing the RST response.
Kevin_Stewart
Oct 05, 2022
Employee
I'll add, as the RST is not specifically coming from the VIP, since that VIP isn't listening on the correct port, you'd likely need something global to control behavior. There are also a few additional options:
- AFM (Advanced Firewall Manager) could be employed in a Global scope to discard any traffic that does not match the listening port(s).
- For simpler tasks, a packet filter rule could be used.
  - Packet Filtering: enabled
  - Unhandled Packet Action: Discard
  - Rules
    - Action: Accept
    - VLAN / Tunnel: * All
    - Filter Expression: { dst port 53 }
You'll need to tweak the packet filter rules to your environment, but this could effectively be used to discard any traffic coming to the BIG-IP that doesn't match a listening port.
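One way to confirm the change from a test client you control, as an added example that is not part of the original post: with the unhandled packet action set to discard, a non-listening port should time out instead of answering with an RST. The function names, the loopback listener and the port numbers are assumptions made for illustration.

```python
import errno
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify the answer to a TCP connect: 'open', 'rst' or 'dropped'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                      # SYN/ACK received
    except ConnectionRefusedError:
        return "rst"                       # peer answered with a reset
    except socket.timeout:
        return "dropped"                   # no answer: silently discarded
    except OSError as exc:                 # e.g. EHOSTUNREACH, ENETUNREACH
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def audit(host, expected, timeout=2.0):
    """expected maps port -> wanted state; returns {port: (wanted, actual)}
    for every port that did not behave as wanted."""
    mismatches = {}
    for port, wanted in sorted(expected.items()):
        actual = probe_tcp(host, port, timeout)
        if actual != wanted:
            mismatches[port] = (wanted, actual)
    return mismatches


def loopback_listener():
    """Constructed stand-in for a listening port so the demo runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = loopback_listener()
    print(port, probe_tcp("127.0.0.1", port))     # listening port
    srv.close()
    # A closed loopback port still resets, so asking for "dropped" is
    # reported as a mismatch; this is the pre-filter behaviour.
    print(audit("127.0.0.1", {port: "dropped"}))
```

Against the BIG-IP, call `audit()` with the address under test and a map such as `{53: "open", 8443: "dropped"}` (constructed ports); an empty result means every port behaved as expected.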