Bug ID 473092: Transparent Proxy + On-Demand Cert Auth will reset

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP SWG(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Jul 25, 2014

Severity: 2-Critical

Related Article: K16994


After evaluating the access policy with an on-demand cert auth agent, there will be a connection reset.


The user is not redirected back to their original landing URI. However, in known reproductions the access policy has already completed, and been set to allow. Future requests from the user will be correctly proxied to the backend.


This issue occurs under these conditions: SWG Transparent Proxy with a On-Demand Cert Auth agent.


If on-demand cert auth is needed, there is no workaround.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips