Last Modified: Feb 11, 2025
Affected Product(s):
BIG_IP_NEXT(VE/HW) APM
Known Affected Versions:
20.3.0
Opened: Sep 09, 2024
Severity: 2-Critical
OCSP request traffic does not reach the OCSP server if the DNS resolver is improperly configured at first deployment of the application.
Once the application is deployed in these conditions, the OCSP Authentication agent will not be able to forward the request to the OCSP server as it cannot resolve the FQDN. Trying to redeploy the application with appropriate DNS resolver configuration fails to correct the issue.
An application has been deployed that has an Access policy with an OCSP Authentication agent. The OCSP Authentication agent has been configured with an FQDN in the OCSP Responder URL. A DNS resolver has not been added to the configuration settings, and the default DNS resolver has not been configured.
A new application needs to be created with proper DNS resolver configuration and then deployed. Alternatively, the admin can restart tmm once the original application has been redeployed with the correct DNS resolver configuration.
None
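Because a redeploy does not clear the condition, it is worth checking responder URLs before the first deployment. The following is an added example, not F5 code: a pre-deployment check that flags OCSP Responder URLs whose host is an FQDN that does not resolve. The function names, the sample URLs and the stub resolver are hypothetical, and the check assumes it is run against the same DNS servers that the application's DNS resolver will use.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def responder_host(url):
    """Host part of an OCSP responder URL (IPv6 brackets stripped)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in responder URL: {url!r}")
    return host

def needs_dns(host):
    """True when the host is a name (FQDN) rather than an IP literal."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return True

def system_resolve(host):
    """Resolve through the local resolver; an empty list means failure."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(urls, resolve=system_resolve):
    """Classify each responder URL before the application is deployed."""
    report = {}
    for url in urls:
        host = responder_host(url)
        if not needs_dns(host):
            report[url] = "ok: IP literal, no DNS lookup needed"
        elif resolve(host):
            report[url] = "ok: FQDN resolves"
        else:
            report[url] = "BLOCK: FQDN does not resolve; fix the DNS resolver before first deployment"
    return report

if __name__ == "__main__":
    # Constructed sample input; the stub stands in for a real resolver (offline).
    stub = lambda h: ["192.0.2.10"] if h == "ocsp.example.test" else []
    sample = ["http://ocsp.example.test/ocsp", "http://192.0.2.20:8080/",
              "http://[2001:db8::1]/ocsp", "http://missing.example.test/"]
    for url, verdict in preflight(sample, resolve=stub).items():
        print(f"{url}: {verdict}")
```

Calling `preflight(urls)` without the `resolve` argument uses the local system resolver instead of the stub.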