Issue with OCSP and CRLDP protocol with default route in Partition
I have a problem with our F5 to configure the CRL check for client certificates. We have an F5 that we share for many clients' infrastructures. Each client has its own partition and route domain.
I wanted to make some tests with the OCSP and CRLDP protocols in order to pick the most appropriate one for CRL updates, but I'm facing an issue. Whatever the server I set on "OCSP Responders" or "CRLDP Server", the flows don't use the default route set on the partition. The requests exit through the management interface every time and are of course blocked on the firewall behind this interface. I had the same issue with the AAA server on APM until I understood the difference between the "Static" and "Pool" parameters. Except that for CRLDP or OCSP, there is no option to use a pool.
Of course, there is no way for us to use the management interface because it has nothing to do with the client infrastructure. Each client has their own architecture and Active Directory, so the traffic has to exit via the partition's default route. Until now, I don't have any solution except to update the CRL manually.
I tried to create a VS (in the client partition) with an IP in the network range of the default gateway of the partition and configure the CRLDP or OCSP with the IP of this VS, but still, it goes out from the management interface.
I would appreciate any help on this subject. A way to fix it or another way to update CRL?