03-25-2024 09:34 AM
The customer configures inbound decryption on the firewall.
When the decrypted traffic exceeds the processing performance of the firewall,
the firewall will not decrypt the traffic that needs to be decrypted. Will it be processed as normal traffic?
Can anyone explain this, thanks
03-26-2024 12:22 AM - edited 03-26-2024 12:27 AM
Hi @Felixcao,
this is documented under the decryption profile settings in the GUI. Alternatively, you can have a look at Techdoc
You have the option to terminate the sessions when resources are not available on the firewall. By default, this option is not checked.
|
Block sessions if resources not available
|
Terminate sessions if system resources are not available to process decryption.
Whether to block sessions when resources aren’t available is a tradeoff between tighter security and a better user experience. If you don’t block sessions when resources aren’t available, the firewall won’t be able to decrypt traffic that you want to decrypt when resources are impacted. However, blocking sessions when resources aren’t available may affect the user experience because sites that are normally reachable may become temporarily unreachable.
|
If you do not block the sessions when resources are not available, the traffic will go through encrypted provided that there is a security rule allowing it, but uninspected.
Regards
--Richard
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
