Problems with ping due to SSL decryption

Reply
L4 Transporter

Problems with ping due to SSL decryption

Hello

we have PA 220 model

and when we implement SSL decryption we can observe the ping delay in our trust interface.THE cpu load is 50 %

when we turn off the SSL decryption everything is normal

L4 Transporter

Re: Problems with ping due to SSL decryption

I think there is something else going on here. You cannot even add ping or ICMP traffic to a decryption policy and pings will not be decrypted and should not be impacted/impacting the load like that. I have a few 220s in the lab and have not seen this behavior. Might be time to look at logs and pcaps when you are seeing this behavior. 

L7 Applicator

Re: Problems with ping due to SSL decryption

@Radmin_85,

As @hshawn mentioned the issue wouldn't be caused by SSL Decryption, but it certaintly could be putting enough of a load on your firewall that the issue is caused because of SSL Decryption. I would really look at the overall device health when you are enabling SSL-Decryption, such as SPS count and the like and see if your box isn't hitting some other limit other than CPU. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!