Bug ID 614072: Source Address Translation to SNAT pool breaks SWG explicit use case for IP based session.

Last Modified: Jan 16, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP SWG(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
13.0.0

Opened: Sep 01, 2016
Severity: 3-Major

Symptoms

All SWG session maps to SNAT pool IP and many requests will get stuck.

Impact

Request will get stuck in ACCESS filter and browser will keep looping..

Conditions

SWG virtual with Source Address Translation to SNAT pool, create session and send traffic for expired session

Workaround

Change source address translation to AUTOMAP instead of SNAT Pool.

Fix Information

Store client IP into scratch memory and use it to session lookup/creation instead of SNAT Pool IP.

Behavior Change