The outbound SSL solution uses a HEAD HTTP request to establish communication between the front-end and back-end SSL connections. In previous versions, the Host used in the HEAD request was not a real hostname. Some security devices attempted to resolve the hostname as part of their inspection, and because the hostname could not be validated, connections failed.

Now the hostname received in the SNI is used in the Host header (or destination IP address if the SNI was not present in Client SSL Hello), while the REQ_URI is set to “/internalheadreq” so that the Alteon back-end can recognize it as an internal request.

Important! In a two-instance installation, it is important that both instances are upgraded to the same version that supports the new HEAD fields at the same time (during the maintenance window). If that is not possible, upgrade the external instances first.

NFR ID: prod00260286

In previous versions, client IP persistency could not be maintained when the SP CPU was selected based on the client IP address and port (VMAsport enabled).

NFR ID: prod00254907