Forwarding virtual server sends RESET against any IP addresses not associated with virtual server and self-ip addresses
In our environment, we have a number of subnets that reside behind our F5s and use them as the default gateway. We have experienced a number of issues when performing network scans using various tools against these subnets, due to the F5 replying with a TCP RST packet to attempts to non-existent IP addresses in the subnet, which either causes false positives in identifying devices or causes extremely slow performance of the scan activity.
I have reviewed K9812: Overview of BIG-IP TCP RST behavior and have updated TM.RejectUnmatched to false, but this does not seem to have any impact on the associated behavior.
More details
In a recent packet capture, 3 SYN packets are sent from the scan with a delay of 3 seconds and 5 seconds between them. Oddly, a RST packet is sent from the F5 (with the IP address of the target IP) for only the first and last packet, with a delay of 8 seconds and 5 seconds from the original packet. This pattern is identical for each port scanned.