I have the problem that for some URLs I get a block Page and for other URLs I get the "Error secure connection failed" Message.
Both responses have the same session end reason: decrypt-cert-validation.
As this happens regarding SSL connections I use a decryption Profile with checked:
Block sessions with expired certificates
Block sessions with untrusted issuers
Block sessions with unknown certificate status
Block sessions on certificate status check timeout
I tried with Firefox and Chrome and got the explained result.
The Internet Explorer seems to always show the requested block page.
Can someone maybe explain why this is happening and maybe how I can for example get Firefox to always show the block page?
Client should trust, the ssl certificate presented from firewall, Firefox keeps certificates on seperate store when importing proccess select all the checkboxes.
Other possible reasons are;
the Certificate is installed to the trusted certificate store of Firefox.
There are no other devices installed between client and FW or FW and destination.
I have to inform myself about the locations.
Please don't misunderstand the issue as this is about that, for the same session end reason, I get two different outputs. Sometimes the Error message, sometimes the block page and I would like to always get the block page.
It seems to work fine in the Internet Explorer, so I am kind of confused.
Edit: I have check the "Strip ALPN" Option in the Decryption Profile and it works for now.
Maybe because now HTTP1 is used?
Is it possible that the NGFW has problems with HTTP2 ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!