Last Modified: Feb 07, 2020
Opened: Jan 28, 2020
SSL Forward Proxy does not mirror forged OCSP responses to session database on the standby high availability (HA) device.
OCSP Responder on the BIG-IP system is unable to respond to out-of-band OCSP requests right after a failover event occurs, before the SSL handshake is performed with the backend server.
SSL forward proxy is configured in HA mode.
OCSP responses are successful after the new active device performs an SSL handshake to the backend server, which then re-forges and caches the server certificate and status.