tck2534
Aug 10, 2020

Bypass SSL TMM ERR on SWG Explicit mode

Hi guys

I have an issue: after I configured SSL Bypass, the log returns the following:

Aug 10 14:23:20 bigip4 err tmm[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56516 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.

Aug 10 14:23:20 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match

Aug 10 14:23:20 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56517 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.

Aug 10 14:23:43 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match

Aug 10 14:23:43 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56523 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.

Then traffic never bypasses SSL.

The flow for the Per-Request Policy is:

Start -> L7 Protocol Lookup -> Logging -> SSL Bypass -> Allow

  • Ran into this issue... It was extremely frustrating because a lot of documentation references the use of the L7 Protocol Lookup agent in per-request policies with SSL Bypass, but you cannot use it. This is because the L7 Protocol Lookup inspects traffic to determine the protocol. Since it's unsealed at that point, it's no longer able to be bypassed as you're already inspecting.

    Instead of using L7 Protocol Lookup, use SSL Check.

    KB for reference that got me through it...

    https://my.f5.com/manage/s/article/K54013660
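
An added example, not part of the original posts and not F5 tooling: a small Python triage script that finds the `01870029` "SSL action will not take effect" errors shown in the question and counts them per policy and destination, so you can see which per-request policy is still inspecting before its SSL Bypass. The group names `policy`, `partition` and `session` are this example's reading of the colon-separated log prefix, and the log file path is whatever you pass on the command line.

```python
import re
import sys
from collections import Counter

# The five log lines quoted in the question, embedded so the script runs offline.
SAMPLE_LOG = """\
Aug 10 14:23:20 bigip4 err tmm[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56516 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:20 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:20 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56517 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
Aug 10 14:23:43 bigip4 notice tmm1[18992]: 01870023:5: /Common/swg_explicit_auth:Common:7cc2ccbf: education match
Aug 10 14:23:43 bigip4 err tmm1[18992]: 01870029:3: /Common/swg_explicit_auth:Common:7cc2ccbf: [C] 10.55.55.85:56523 -> 203.131.212.198:443:ERR_VAL: SSL action will not take effect, the handshake has alreadybeen processed.
"""

# Matches message 01870029 carrying the "SSL action will not take effect" text.
# Group names are assumptions of this example, not F5-documented field names.
FAIL_RE = re.compile(
    r"tmm\d*\[\d+\]: 01870029:\d+: "
    r"(?P<policy>/\S+?):(?P<partition>[^:\s]+):(?P<session>[0-9a-f]+): "
    r"\[C\] (?P<client>[\d.]+):(?P<cport>\d+) -> (?P<server>[\d.]+):(?P<sport>\d+):"
    r"ERR_VAL: SSL action will not take effect"
)


def find_bypass_failures(log_text):
    """Return one dict per flow whose SSL Bypass action was rejected."""
    matches = (FAIL_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def summarize(failures):
    """Count rejected bypass actions per (policy, destination ip:port)."""
    return Counter((f["policy"], f"{f['server']}:{f['sport']}") for f in failures)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    failures = find_bypass_failures(text)
    for (policy, dest), count in summarize(failures).most_common():
        print(f"{count:4d}  {policy}  ->  {dest}")
    print(f"{len(failures)} flow(s) were not bypassed; look for an inspecting "
          "agent (such as L7 Protocol Lookup) placed before SSL Bypass.")
```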