Bug ID 475283

Bug Tracker
ID 475283

Bug ID 475283: Category Lookup by SNI doesn't work for SWG transparent + Mobile AppTunnel in case of using SWG SSL bypass

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Opened: Aug 12, 2014

Severity: 3-Major

Symptoms

Category lookup by SNI doesn't work for Mobile Application Tunnels (i.e. iOS perAppVPN). An error "SWG Scheme not assigned to main access policy" appears.

Impact

Per-request policy will fail when it hits the category lookup agent with conditions specified.

Conditions

SWG transparent + Mobile AppTunnel in use. Issue is reproducible only with "SSL Forward Proxy Bypass" option in SSL profile for layered virtual server.

Workaround

"Remove SSL Forward Proxy Bypass" option in SSL profile for layered virtual server.

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips