Bypass SSL TMM ERR on SWG Explicit mode
Hi guys
I have an issue: after I configured Bypass SSL, the log returns the following:
Aug 10 14:23:20 bigip4 err tmm[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56516 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:20 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:20 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56517 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:43 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:43 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56523 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Then traffic never bypasses SSL.
The flow for the Per-Request Policy is:
Start -> L7 Protocol Lookup -> Logging -> SSL Bypass -> Allow
- timothy_barnes2 (Nimbostratus)
Ran into this issue... It was extremely frustrating because a lot of documentation references the use of the L7 Protocol Lookup agent in per-request policies with SSL Bypass, but you cannot use it. This is because the L7 Protocol Lookup inspects traffic to determine the protocol. Since it's unsealed at that point, it's no longer able to be bypassed as you're already inspecting.
Instead of using L7 Protocol Lookup, use SSL Check.
KB for reference that got me through it:
https://my.f5.com/manage/s/article/K54013660
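
A triage script for the symptom in this thread, added here as an example (not code from the posts above or from F5): it groups the 01870029 "SSL action will not take effect" errors by per-request policy and session, so an operator can see which client flows were not bypassed and which Logging notices fired in the same session. The field layout is inferred from the log lines in the question; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (not constructed).
SAMPLE_LOG = """\
Aug 10 14:23:20 bigip4 err tmm[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56516 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:20 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:20 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56517 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:43 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:43 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56523 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
"""

# Assumed layout (inferred from the sample): tmmN[pid]: msgid:level: policy:partition:session: message
LINE = re.compile(
    r"\stmm\d*\[\d+\]:\s(?P<msgid>[0-9a-f]{8}):\d:\s"
    r"(?P<policy>/[^:\s]+):(?P<part>[^:\s]+):(?P<sid>[0-9a-f]+):\s(?P<msg>.*)$"
)
# Client-side flow tuple carried in the error message.
FLOW = re.compile(r"\[C\]\s(?P<src>[\d.]+):\d+\s->\s(?P<dst>[\d.]+:\d+):ERR_VAL:\s(?P<text>.*)")

SSL_ACTION_ERR = "01870029"   # message ID of the error lines in the sample
LOGGING_NOTICE = "01870023"   # message ID of the notice lines in the sample


def failed_bypasses(log_text):
    """Return {(policy, session): summary} for sessions where an SSL action was ignored."""
    report = defaultdict(
        lambda: {"failed": 0, "clients": set(), "destinations": set(), "notices": set()}
    )
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-request policy line in the assumed layout
        entry = report[(m["policy"], m["sid"])]
        flow = FLOW.match(m["msg"])
        if m["msgid"] == SSL_ACTION_ERR and flow and "SSL action will not take effect" in flow["text"]:
            entry["failed"] += 1
            entry["clients"].add(flow["src"])
            entry["destinations"].add(flow["dst"])
        elif m["msgid"] == LOGGING_NOTICE:
            entry["notices"].add(m["msg"])
    # Keep only sessions that actually hit the error.
    return {key: val for key, val in report.items() if val["failed"]}


if __name__ == "__main__":
    for (policy, sid), info in failed_bypasses(SAMPLE_LOG).items():
        print(policy, sid, info)
```

Any session this reports is one where the bypass decision was logged but the connection was still intercepted, which is the condition the reply above attributes to placing L7 Protocol Lookup ahead of SSL Bypass.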