Bug ID 774213: SWG session limits on SSLO deployments

Last Modified: Sep 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM, SWG(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 15.0.0, 15.0.1

Fixed In:
14.1.0.6

Opened: Apr 18, 2019
Severity: 3-Major

Symptoms

SWG session limits are enforced on SSLO deployments that enable Explicit proxy authentication.

Impact

SSLO fails to connect when the SWG session limit is reached.

Conditions

-- SSLO with Explicit proxy authentication is deployed. -- Many concurrent SSLO connections (beyond the SWG session limit).

Workaround

None.

Fix Information

If there is an SSLO profile paired with either an APM or SSLO per-request policy on a virtual server, and the operation has done a hostname only lookup, an SWG license is no longer consumed. This answers the case where there is auth (APM) on one virtual server, and the transparent virtual server is SSLO with hostname Category Lookup only.

Behavior Change