Bug ID 614072: Source Address Translation to SNAT pool breaks SWG explicit use case for IP based session.

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP SWG(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Sep 01, 2016

Severity: 3-Major

Symptoms

All SWG session maps to SNAT pool IP and many requests will get stuck.

Impact

Request will get stuck in ACCESS filter and browser will keep looping..

Conditions

SWG virtual with Source Address Translation to SNAT pool, create session and send traffic for expired session

Workaround

Change source address translation to AUTOMAP instead of SNAT Pool.

Fix Information

Store client IP into scratch memory and use it to session lookup/creation instead of SNAT Pool IP.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips