Inet port exhaustion on to (proto ) issue

Question

The SNAT IP expansion described in https://my.f5.com/manage/s/article/K33355231 is not applicable in this case, as there is no SNAT in the VS configuration. The recommended actions written on the article above are applicable mostly to typical configurations with a (standard) VS using SNAT (either Automap or SNAT pool). But, in case of AFM, it is not applicable.

The other option to solve the issue is to reduce or lower the value idle-timeout value that is too 'long'. Saving flow connections during 1 complete day seems to cause issues for its intended destination.

However, the second option may pose problems as there are possibly long lived connections. Is there any other way to solve the issue?

jeff_giroux_f5 · Answer

Take a look at the AFM operations guide, "Port Exhaustion" section. It recommends to setup NAT/PAT.
https://my.f5.com/manage/s/article/K41572395

leslie_hubertus · Answer

Hi&nbsp;lttarvina&nbsp;- hopefully someone from the community can reply, but in case they don't, I'll see about finding someone from F5 to answer your questions.&nbsp;

lttarvina · Answer

Hello, and thanks for your feedback.&nbsp;No one has answered my question yet.Thanks.

Forum Discussion

Inet port exhaustion on <ip_address> to <ip_address:port> (proto <protocol>) issue

3 Replies

Recent Discussions

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

Static route gateway <ip_address> is not directly connected via an interface</ip_address>

Demystifying iControl REST Part 3 - How to pass query parameters and tmsh options