Bug ID 734316: Per-Request Policy may require enabling SSL Forward Proxy Bypass

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM, SWG (all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.0

Opened: Jul 11, 2018

Severity: 3-Major

Symptoms

For some SSL/TLS traffic, the per-request policy does not complete, leading to hanging connections and/or connection resets.

Impact

Policy execution may stall. Clients may experience hanging connections and/or connection resets.

Conditions

Reproducible with any forward proxy configuration involving per-request policies. This includes Secure Web Gateway (SWG) and SSL Orchestrator (SSLO). To reproduce, the SSL Forward Proxy Bypass feature must be disabled in the client and server SSL profiles. This is equivalent to 'always intercept'.

Workaround

Perform the following procedure:

1. Enable the SSL Forward Proxy Bypass feature in the client and server SSL profiles.
2. Set the default action to 'Intercept'.

Fix Information

Policy execution for per-request policies in SWG and SSLO use cases now works properly when SSL Forward Proxy Bypass is not enabled.

Behavior Change
