08-07-2018 05:54 AM
Hi,
We realised that we are receiving decrypt errors when accessing O365 from inside to outside. We are doing decrypt in sessions. But we don't know why the sessions are finished with "decrypt-error".
Any idea?
08-07-2018 08:37 AM
It's likely because of Certificate Pinning, which the firewall can't actually transparently decrypt. If you view the associated session directly on the firewall it'll have a tad bit more information that may be helpful, such as if you are running into a proxy decrypt failure.
08-07-2018 08:42 AM
Yes, we are doing decrypt for this kind of session. This is the detailed log view. Where can I get more info about the root cause for this error?
I thought that we could be hitting this link:
08-07-2018 08:48 AM
The first line of the 'General' box will be the session id number. Through the CLI running 'show session id session_id_number' would give you a bit more information about what exactly caused the issue in the 'tracker stage firewall' section. You could be hitting a variety of issues with this, but the most common is due to an unsupported SSL protocol. You can verify this by viewing the global counters and seeing if it increments as you see these logs.
08-07-2018 01:26 PM
A little strange actually is that the firewall already sees the application soap, which implies that the decryption already happened. In addition, the sessions are too big already in my opinion. If a decryption error happens, the sessions normally are smaller.
In addition to what @BPry wrote I would also do a packet capture and check if there is already data or if you see TLS handshake errors.
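The packet-capture check suggested above, as an added example that is not part of the original thread: it walks the TLS record layer of one direction of a flow and reports whether the session died in the handshake (a plaintext alert) or had already carried application data. It assumes the TCP payload has been reassembled and exported as raw bytes and that the flow uses the TLS 1.2-or-earlier record layout; all function names and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types and a few alert descriptions (RFC 5246).
TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
          48: "unknown_ca", 51: "decrypt_error", 70: "protocol_version"}

def parse_records(stream: bytes):
    """Yield (type_name, payload) for each complete TLS record in one direction's bytes."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in TYPES or version >> 8 != 3:
            raise ValueError(f"not a TLS record at offset {off}")
        payload = stream[off + 5:off + 5 + length]
        if len(payload) < length:
            return  # capture ends mid-record
        yield TYPES[ctype], payload
        off += 5 + length

def summarize(stream: bytes) -> dict:
    """Say whether the flow died in the handshake or carried application data."""
    encrypted, app_bytes, alerts = False, 0, []
    for name, payload in parse_records(stream):
        if name == "change_cipher_spec":
            encrypted = True  # later records, alerts included, are ciphertext
        elif name == "application_data":
            app_bytes += len(payload)
        elif name == "alert" and not encrypted and len(payload) == 2:
            level, desc = payload  # plaintext alert: level byte, description byte
            alerts.append(("fatal" if level == 2 else "warning", ALERTS.get(desc, str(desc))))
    if app_bytes:
        verdict = "data_exchanged"
    elif alerts:
        verdict = "failed_in_handshake"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "alerts": alerts, "app_bytes": app_bytes}

def rec(ctype: int, payload: bytes, version: int = 0x0303) -> bytes:
    """Build one TLS record (used only for the constructed samples below)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

# Constructed samples, not taken from the capture discussed in the thread.
HANDSHAKE_FAIL = rec(22, b"\x01" + bytes(40)) + rec(21, bytes([2, 48]))
WITH_DATA = (rec(22, bytes(60)) + rec(20, b"\x01") + rec(22, bytes(40))
             + rec(23, bytes(300)) + rec(21, bytes(26)))

if __name__ == "__main__":
    for label, s in (("handshake failure", HANDSHAKE_FAIL), ("data then close", WITH_DATA)):
        print(label, summarize(s))
```

A "data_exchanged" verdict on a session logged as decrypt-error matches the observation above that the firewall had already identified the application, so the failure came after the handshake rather than during it.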