Is it possible to prevent BIG-IP to send TCP RST?

Question

Hello,I was wondering if it is possible to prevent the big-ip system to send TCP RST to connections / ports that are not actually in use? This is a problem when scanning etc activities occur towards services.&nbsp;BR&nbsp;Teemu

sebastiansierra · Answer

Hi&nbsp;TeemuK&nbsp;,
Could you be more specific about why you want to prevent TCP resets? because the F5 is a deny device by default, if the port is not open it have to send a reset as a firewall, in the case you want to allow all port in a virtual server you have to configure the port in 0 in the virtual server.

teemuk · Answer

Hi,check TM.rejectunmatched from this articlehttps://my.f5.com/manage/s/article/K9812

teemuk · Answer

So basically case resolved 🙂

Forum Discussion

Is it possible to prevent BIG-IP to send TCP RST?

3 Replies

Recent Discussions

CITRIX remote desktop solution using F5 APM

BIG-IP rseries license

F5 iRule to route traffic based on AS2 headers doesnt work

Trouble with TCP::option set 28

LDAPS: intermittent login issues

Related Content

Big-IP DNS - Zone Transfers

F5 Big-IP VE on azure

BIG-IQ collecting BIG-IP iRule logs

BIG IP 201 Cert

BIG IP APM CCU perpetual