Bug ID 720322: Intercepted HTTPS traffic isn't sent to HTTP services in SWG use cases

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP SWG(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Opened: May 16, 2018
Severity: 4-Minor

Symptoms

BIG-IP doesn't have SSL Orchestrator iRules in SWG use cases, and if the L7 check agent isn't added in the Per-Request Policy before Service connect agent for HTTP type services (like ICAP, Explicit HTTP or Transparent HTTP service), traffic isn't sent to these services.

Impact

Traffic isn't sent to the services.

Conditions

SWG use case with Per_request Policy: Start->Service Connect ->Allow with service connect for http type services

Workaround

Use the following iRule : when CLIENTSSL_HANDSHAKE { CONNECTOR::enable }

Fix Information

None

Behavior Change