Not all SSL traffic is being decrypted

wrainwater — Sat, 18 Nov 2017 05:50:50 GMT

I configured the firewall to decrypt outbound SSL traffic and installed a local cert I created onto my broswer. When I monitor my port 443 traffic I see some of it is decrypted and some of it isnt. Is this normal behavior? I thought it was suppose to decrypt all SSL traffic?

Also, I was trying to create a policy that would send an alert any time malicious activity is found inside the traffic. the decryption profile only allows you to block everything. How would this alert be possible? Im new at making these rules.

Re: Not all SSL traffic is being decrypted

AndyYerger — Thu, 07 Dec 2017 17:12:10 GMT

One other way to import that certicate into your machine if using Windows is through MMC cosole Certificates. Or right click the certifacte and choose install. You can't decrypt all SSL just most of it. Normal behovior to see some decrypted some not decrypted. As for Alerts you could go to Deviced logs then the System tab and create a log with a serverity level and forward to an email. As for blocking the decryption profile only blocks unsupported ciphers, unsupported cipher suites, expired certificates ,unknown certificates, certificate timeouts and if the firewall has exhausted it resources and is low on memory cpu . So the decryption profile wouldn't block everything . Someone please correct me if I'm wrong.

topic Re: Not all SSL traffic is being decrypted in Advanced Threat Prevention Discussions

Not all SSL traffic is being decrypted

Re: Not all SSL traffic is being decrypted