Bug ID 774213: SWG session limits on SSLO deployments

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM, SWG(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 15.0.0, 15.0.1

Fixed In:
15.1.0, 15.0.1.1, 14.1.0.6

Opened: Apr 18, 2019

Severity: 3-Major

Symptoms

SWG session limits are enforced on SSLO deployments that enable Explicit proxy authentication.

Impact

SSLO fails to connect when the SWG session limit is reached.

Conditions

-- SSLO with Explicit proxy authentication is deployed. -- Many concurrent SSLO connections (beyond the SWG session limit).

Workaround

None.

Fix Information

If there is an SSLO profile paired with either an APM or SSLO per-request policy on a virtual server, and the operation has done a hostname only lookup, an SWG license is no longer consumed. This answers the case where there is auth (APM) on one virtual server, and the transparent virtual server is SSLO with hostname Category Lookup only.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips