We have set a new decryption profile that is hardened to a new 10.0.6 PA 3250.
Most things seem ok however when we go to the guardian website we just get a this site cant be reached page. It would be great if the user got a response page saying decryption error. Is there a way to get this? There could be others (lots of General TLS protocol errors).
the decryption policy is pretty restrictive - we might have to uncheck to find what is causing the issue if we cannot get a response page to the user
Does anyone know how we can get a response page to the user to say decryption error?
See this thread for troubleshooting ideas. You will need to confirm if the error is being served a non-connection from the browser or the firewall. There may be some elements (DoH) within browser config that might need changing. Are you able to confirm via curl or others that the full webpage is being served to your machine?
@BPry - does that mean its normal for the user to see a "This site can't be reached" page if it fails due to a general TLS protocol error and there is nothing you can do?
Shame if it is as we will have to roll back some of the settings as management say the users must have a reason displayed if a webpage is not accessible (e.g category block just now)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!