The f5-w-XXXXXXXX is what they call the "F5 mangle", and it is encoded (not encrypted!) the URL that the user will be sent to inside the environment. With this feature, any links on the internal application can be rewritten with links that redirect the user to the vpn.XXXX domain, ensuring all links will always work. (the main reason why Portal Access should be used)
This URL rewrite process sometimes goes "wrong", causing unexpected behaviour, such as forcing return traffic to go through the F5 even if it's not needed, and other things.
This F5 mangle should however not be seen by the internal web servers though, as APM removes it from the request before forwarding on the request to the backend webserver. As such, if you DO see that section coming back in the URL multiple times, I suspect you actually have a redirect function in the F5, rather than in the backend server, or the traffic from the client is bypassing APM altogether and going straight to the backend server.
Before talking about solutions, I would recommend you check exactly where the traffic goes, what virtual server picks it up (both the initial request as well as any follow-up requests), what exact URL requests are being received by the backend webserver, and how the return traffic makes its way back to the client.
This will not only help you understand the problem better, but also help resolve the issue in the best possible way. (as you may find you don't need Portal Access at all... 😉
Altocumulus
