For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Phong_Tang_7213's avatar
Phong_Tang_7213
Icon for Altostratus rankAltostratus
Feb 28, 2017

F5 APM/SWG Forward Proxy problem with HSTS sites

Hi gurus,   I had the lab to test F5 APM/SWG Forward Proxy. All things work well except sites with HSTS as , gmail.com...   Normally, when user puts the URL to browser, it will redirect to the...
BIG-IP Access Policy Manager (APM)
security
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Feb 28, 2017

Are you sure it is HSTS? Since you mention and gmail, it could also be QUIC. This is a experimental protocol used by Google websites and the Chrome browser. It's an alternative for TLS. It uses port 443/UDP. The BIG-IP will not intercept this traffic. You could try blocking 443/UDP. This will cause the browser to fallback to 443/TCP and make it possible for the BIG-IP to do SSL interception.

 

See: https://en.wikipedia.org/wiki/QUIC