Bug ID 473092: Transparent Proxy + On-Demand Cert Auth will reset

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP SWG(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Jul 25, 2014

Severity: 2-Critical

Related Article: K16994

Symptoms

After evaluating the access policy with an on-demand cert auth agent, there will be a connection reset.

Impact

The user is not redirected back to their original landing URI. However, in known reproductions the access policy has already completed, and been set to allow. Future requests from the user will be correctly proxied to the backend.

Conditions

This issue occurs under these conditions: SWG Transparent Proxy with a On-Demand Cert Auth agent.

Workaround

If on-demand cert auth is needed, there is no workaround.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips