A malicious connection to a TCP-Fast Virtual Service may lead to SE failure.

Client initiates a malicious connection with mss (TCP Max Segment Size) value of 0 that is leading to SE failure. This happens only if the virtualservice is configured with TCP-Fast (i.e. networkprofile = System-TCP-Fast-Path)

There are three possible Workaround: 

1) Move the VIP that was attacked with a malicious connection with mss value of 0 out of the Avi.

2) Convert the VS that is being attacked as mentioned above to networkprofile to System-TCP-Proxy.

3) Block the malicious traffic on perimeter device which has MSS=0

Issue will be fixed in 22.1.6-2p6