Forum Discussion
f5mkuDefault
Mar 17, 2021, Cirrus
Just want to update this: currently F5 is pushing this to a firewall problem... no closure yet.
- eey0re, Mar 17, 2021, Cirrostratus
This does sound like a firewall problem. For example, when a failover occurs the TCP connections are not recognised by the new appliance (unless network mirroring is enabled for a VS). This results in a large number of TCP RSTs to all the servers and clients. I've seen a "nextgen" firewall see the large number of RSTs from BIG-IP and think it's a port scan.
- Nikoolayy1, Mar 21, 2021, MVP
I agree with eey0re that you may test with F5 connection mirroring and MAC masquerade, and also during a failover the firewall team needs to check the security and DDoS logs.