Last Modified: Nov 05, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
21.0.0, 17.5.1.3, 17.1.3
Opened: Jul 23, 2025 Severity: 3-Major
ECA always invokes the kerberos_auth_default profile, even when it’s known that the request will be denied later.
Increasing unnecessary load on apmd, which will cause a performance issue during peak time.
-- SSL Orchestrator Proxy configured with SWG-explicit NTLM ONLY Access Profile
None
ECA will not send a known invalid request to APMD to deny