topic Allowed SSL traffic reporting as policy-deny in Next-Generation Firewall Discussions

Allowed SSL traffic reporting as policy-deny

tejasmapuskar — Fri, 10 Mar 2023 15:04:00 GMT

We have a decryption rule to allow user internet access over SSL. Access to LinkedIn was working until 2 days back we started getting certificate error with validity expired. All users accessing the internet use the same CA signed certificate with no issues. I have attached the logs showing access permitted but the session end reason is policy-deny.

Re: Allowed SSL traffic reporting as policy-deny

Raido_Rattameister — Fri, 10 Mar 2023 15:05:27 GMT

Check Decryption logs from that source to that destination and you will find the answer.

Re: Allowed SSL traffic reporting as policy-deny

tejasmapuskar — Mon, 13 Mar 2023 15:25:31 GMT

Hi,

Thanks for looking into it. The issue was fixed after renewing the expired Digicert issue on the firewall.