Bug ID 751807: SSL Orchestrator may not activate service connectors if traffic is an HTTP tunnel

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5

Fixed In:
15.0.0, 14.1.0.6

Opened: Dec 04, 2018
Severity: 3-Major

Symptoms

Decrypted traffic is not forwarded to services despite even though a matching rule action in security policy selects a service chain.

Impact

No visibility to decrypted traffic if it is an HTTP tunnel through SSL Orchestrator.

Conditions

-- Matching rule action in security policy selects a service chain. -- Traffic is an HTTP tunnel (CONNECT method) is accepted by an outbound transparent proxy created by SSL Orchestrator.

Workaround

None.

Fix Information

Decrypted traffic is forwarded as expected to services, when matching rule action in security policy selects a service chain, for HTTP tunnel traffic sent through SSL Orchestrator.

Behavior Change