F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

John_Krum's avatar
John_Krum
Icon for Cirrus rankCirrus
Oct 03, 2022

Can you stop RST from being sent by VIP

I work for a large regional public transportation company. We are in the beginning process of rolling out phones with a VoIP over the top application on them. This will eliminate the need for radios ...
application delivery
rst
vip
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 05, 2022

At the very least, you have a VIP with the correct IP, but wrong port. That's what is causing the RST response.

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 05, 2022

I'll add, as the RST is not specifically coming from the VIP, since that VIP isn't listening on the correct port, you'd likely need something global to control behavior. There are also a few additional options:

  • AFM (Advanced Firewall Manager) could be employed in a Global scope to discard any traffic that does not match the listening port(s).
  • For simpler tasks, a packet filter rule could be used. 
    • Packet Filtering: enabled
    • Unhandled Packet Action: Discard
    • Rules
      • Action: Accept
      • VLAN / Tunnel: * All
      • Filter Expression: { dst port 53 }

You'll need to tweak the packet filter rules to your environment, but this could effectively be used to discard any traffic coming to the BIG-IP that doesn't match a listening port.