
Forum Discussion

cathycp27_19864
Apr 22, 2015

Unable to access f5.com from a transparent bluecoat proxy

We are unable to access f5.com via a transparent Bluecoat proxy. We are wondering if the cipher of the Bluecoat version (6.2) may not be interacting well with the one provided by the f5.com site.

See below a packet capture.

No. Time Source Destination Protocol Length Info

350 7.955639 182.10.25.14 65.61.115.222 TCP 74 34555 > https [SYN] Seq=0 Win=14600 Len=0 MSS=1200 SACK_PERM=1 TSval=151459621 TSecr=0 WS=128
Frame 350: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Internet Protocol Version 4, Src: 182.10.25.14 (182.10.25.14), Dst: 65.61.115.222 (65.61.115.222)
Transmission Control Protocol, Src Port: 34555 (34555), Dst Port: https (443), Seq: 0, Len: 0

351 7.955673 65.61.115.222 182.10.25.14 TCP 62 https > 34555 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 SACK_PERM=1
Frame 351: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 0, Ack: 1, Len: 0

352 7.960879 182.10.25.14 65.61.115.222 TCP 60 34555 > https [ACK] Seq=1 Ack=1 Win=14600 Len=0
Frame 352: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Internet Protocol Version 4, Src: 182.10.25.14 (182.10.25.14), Dst: 65.61.115.222 (65.61.115.222)
Transmission Control Protocol, Src Port: 34555 (34555), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

353 7.971410 182.10.25.14 65.61.115.222 TLSv1.2 322 Client Hello
Frame 353: 322 bytes on wire (2576 bits), 322 bytes captured (2576 bits)
Internet Protocol Version 4, Src: 182.10.25.14 (182.10.25.14), Dst: 65.61.115.222 (65.61.115.222)
Transmission Control Protocol, Src Port: 34555 (34555), Dst Port: https (443), Seq: 1, Ack: 1, Len: 268
Secure Sockets Layer

354 8.030334 65.61.115.222 182.10.25.14 TCP 54 https > 34555 [ACK] Seq=1 Ack=269 Win=65535 Len=0
Frame 354: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 1, Ack: 269, Len: 0

723 112.688238 65.61.115.222 182.10.25.14 TLSv1.2 144 Server Hello
Frame 723: 144 bytes on wire (1152 bits), 144 bytes captured (1152 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 1, Ack: 269, Len: 90
Secure Sockets Layer

724 112.688408 65.61.115.222 182.10.25.14 TCP 1254 [TCP segment of a reassembled PDU]
Frame 724: 1254 bytes on wire (10032 bits), 1254 bytes captured (10032 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 91, Ack: 269, Len: 1200

725 112.688415 65.61.115.222 182.10.25.14 TCP 902 [TCP segment of a reassembled PDU]
Frame 725: 902 bytes on wire (7216 bits), 902 bytes captured (7216 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 1291, Ack: 269, Len: 848

726 112.688478 65.61.115.222 182.10.25.14 TCP 1254 [TCP segment of a reassembled PDU]
Frame 726: 1254 bytes on wire (10032 bits), 1254 bytes captured (10032 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 2139, Ack: 269, Len: 1200

727 112.688519 65.61.115.222 182.10.25.14 TCP 316 https > 34555 [RST, ACK] Seq=3339 Ack=269 Win=65535 Len=262
Frame 727: 316 bytes on wire (2528 bits), 316 bytes captured (2528 bits)
Internet Protocol Version 4, Src: 65.61.115.222 (65.61.115.222), Dst: 182.10.25.14 (182.10.25.14)
Transmission Control Protocol, Src Port: https (443), Dst Port: 34555 (34555), Seq: 3339, Ack: 269, Len: 262

 

8 Replies

  • Update: we have been able to access f5.com from IE11, but it is still not accessible from Chrome or Firefox. Is it possible that the type of SSL provided by the browser is not compatible with the proxy or the web server?
  • BinaryCanary_19
    Historic F5 Account

    There is insufficient information with which to troubleshoot your issue.

    It may be best for you to raise a support case and provide the proper capture file, preferably taken like so:

    tcpdump -i 0.0:nnn -s0 -w /var/tmp/capture_filename.cap host 
    

    The above captures client-side only though. If the device is v11.4.1 or newer, you can do this:

    tcpdump -i 0.0:nnnp -s0 -w /var/tmp/capture.cap host 
    

    And supply a qkview, and identify the name of the VIP.

  • BinaryCanary_19
    Historic F5 Account

    Errr, sorry, this is assuming that you have an F5 device that this traffic is passing through.

    Regardless, this is insufficient info to see what's going wrong. You may want to contact Bluecoat...


  • I have had the same issue when trying to access any f5.com sites through the ProxySG. It appears you will need to upgrade to SGOS v6.5.6.1 or higher since some sites have now enabled the ECDHE cipher.

    https://bluecoat.secure.force.com/knowledgebase/articles/Technical_Alert/000022362/?l=en_US&fs=Search&pn=1

    • Overview

    With the recent SSL exploits over the past year, the majority of Internet servers/sites have refreshed their server certificates. The refreshed certificates typically use newer, stronger ciphers, such as ECDHE, and in some cases may eliminate support for other ciphers. As a result of this change in the industry, there has been a rapid shift to rely on ciphers such as ECDHE and ECDSA.

    • Status

    SGOS 6.5.6.1 and later now supports HTTPS interception in forward proxy mode when sites use ECDHE ciphers. The following variants of ECDHE-RSA have been added:
      • ECDHE-RSA-AES128-SHA (0xC013)
      • ECDHE-RSA-AES256-SHA (0xC014)
      • ECDHE-RSA-AES128-SHA256 (0xC027)
      • ECDHE-RSA-AES128-GCM-SHA256 (0xC02F)
      • ECDHE-RSA-RC4-SHA (0xC011)
    Refer to the Release Notes for important information on these ciphers and appliance performance.

    ECDHE support for reverse proxy is not yet supported. Support is targeted for a future release.

    As of SGOS 6.5.7.1 and later, support for HTTPS interception in forward proxy mode with ECDSA ciphers has been added for the following variants:
      • ECDHE-ECDSA-AES128-SHA256 (0xC023)
      • ECDHE-ECDSA-AES128-GCM-SHA256 (0xC02B)
      • ECDHE-ECDSA-RC4-SHA (0xC007)
      • ECDHE-ECDSA-AES128-SHA (0xC009)
      • ECDHE-ECDSA-AES256-SHA (0xC00A)
    Refer to the Release Notes for important information on these ciphers, appliance performance, and behavior changes in HTTP response code 407 handling in SGOS 6.5.7.x.

    • cathycp27_19864
      Thank you all for the response. We thought the cipher suite might be behind the issue since we are still on SGOS 6.2.
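Added example (not from this thread, Bluecoat or F5): a small Python parser for a TLS ClientHello record that lists the cipher suites a browser offers, then checks them against the ECDHE suites the KB article quoted above says a given SGOS release can intercept. The 6.5.6.1 and 6.5.7.1 thresholds and the suite IDs come from the KB; the sample ClientHello bytes and the plain RSA suite 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) are constructed for the demonstration.

```python
import os
import struct

# ECDHE suites the quoted Bluecoat KB lists, keyed by the SGOS release that added them.
ECDHE_RSA_6561 = {0xC013: "ECDHE-RSA-AES128-SHA", 0xC014: "ECDHE-RSA-AES256-SHA",
                  0xC027: "ECDHE-RSA-AES128-SHA256", 0xC02F: "ECDHE-RSA-AES128-GCM-SHA256",
                  0xC011: "ECDHE-RSA-RC4-SHA"}
ECDHE_ECDSA_6571 = {0xC023: "ECDHE-ECDSA-AES128-SHA256", 0xC02B: "ECDHE-ECDSA-AES128-GCM-SHA256",
                    0xC007: "ECDHE-ECDSA-RC4-SHA", 0xC009: "ECDHE-ECDSA-AES128-SHA",
                    0xC00A: "ECDHE-ECDSA-AES256-SHA"}

def parse_client_hello(record: bytes) -> list:
    """Return the cipher suite IDs offered in a TLS ClientHello record (RFC 5246 layout)."""
    if len(record) < 5 or record[0] != 0x16:               # record type 22 = handshake
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:                    # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    hs = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                            # skip client_version and random
    pos += 1 + hs[pos]                                      # skip session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    suites = hs[pos + 2:pos + 2 + cs_len]
    if len(suites) != cs_len or cs_len % 2:
        raise ValueError("truncated cipher_suites field")
    return [struct.unpack("!H", suites[i:i + 2])[0] for i in range(0, cs_len, 2)]

def interceptable_ecdhe(offered: list, sgos_version: str) -> list:
    """Names of offered ECDHE suites the KB says this SGOS release can intercept (forward proxy)."""
    ver = tuple(int(x) for x in sgos_version.split("."))
    known = {}
    if ver >= (6, 5, 6, 1):
        known.update(ECDHE_RSA_6561)
    if ver >= (6, 5, 7, 1):
        known.update(ECDHE_ECDSA_6571)
    return [known[s] for s in offered if s in known]

def build_client_hello(suites: list) -> bytes:
    """Constructed sample ClientHello (TLS 1.2, no extensions) offering the given suites."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hs_body = b"\x03\x03" + os.urandom(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    handshake = b"\x01" + len(hs_body).to_bytes(3, "big") + hs_body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: two ECDHE-RSA suites, one ECDHE-ECDSA suite, one plain RSA suite (0x002F).
SAMPLE_HELLO = build_client_hello([0xC02F, 0xC013, 0xC02B, 0x002F])

if __name__ == "__main__":
    offered = parse_client_hello(SAMPLE_HELLO)
    for version in ("6.2", "6.5.6.1", "6.5.7.1"):   # 6.2 is the release the poster is on
        print(version, interceptable_ecdhe(offered, version))
```

On a real capture, feed the bytes of the Client Hello record (frame 353 above) to parse_client_hello; an empty result for the proxy's release means none of the browser's ECDHE offers are ones that release can intercept.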