Forum Discussion

MVP

Aug 11, 2022

SSLO make malfunction when configure SNI Block and IP intercept condition.

Hi I need your help! SSLO make malfunction when configure condition of Block pinner site and intercept IP Address environment:configure on security policy 1st match : Block pinner site and in...

application delivery

Kevin_Stewart

Employee

Aug 22, 2022

SSLO security policy rules are nested and evaluated top-down. So basically, like any firewall rule, once a match is made, no further rule processing is done.

It's also important to understand that some rule conditions require server-side validation. In this case, the URL category conditions require SSLO to reach out to the server to evaluate the server certificate. The Pinners rule includes a category lookup. If you have some traffic that would break becuase of this server side "look", for example when the server requires mutual TLS (mTLS) authentication, you need to move your layer 3 and layer 4 rules above any rules that do category lookup.

Forum Discussion

SSLO make malfunction when configure SNI Block and IP intercept condition.

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Leverage F5 BIG-IP APM and Azure AD Conditional Access Easy button

BIG-IP BGP Routing Protocol Configuration And Use Cases

Getting Started with BIG-IP Next: Configuring Instance High Availability

Certificate Expiry Email alert configuration

iRules 101 - #13 - Nested Conditionals