06-18-2023 11:05 PM
Dear Team!
I got a problem with Decryption on some websites. For example admin.microsoft.com. When I try to open this website, the web browser gives me a simple white blank without any content in it. In this case, decryption is on. I saw the error, depending on the certificate chain of trust, and I follow the documentation and imported the missing certificate to Firewall and then to the end user machine, but, not fixed.
This issue was in 10.1.7 and continues in 10.1.9 h2 I think. And, this problem the first time was faced while upgrading to 10.1.7.
Any ideas?
06-20-2023 04:27 AM
Hi @RovshanRajabli ,
You might be running into bug behavior.
I've seen this exact same behaviour when http2 decrypted traffic was getting identified as unknown-tcp. Please check if that's the case or if it is being identified correctly.
The root cause in my example was that each large http2 header holds a swbuf 4 until the end of the flow. This causes the swbuf 4 depletion. You can check this with the following command as well:
admin@Lab> debug dataplane pool statistics | match "buffer 4"
As a workaround you could try to strip ALPN for the website that causes the buffer depletion.
That being said, I recommend grabbing a tech support file and have it analyzed by support in order to confirm if you are hitting this exact same bug or if you are experiencing a different issue.
Kind regards,
-Kim.
06-20-2023 02:31 PM
Hello,
Also some websites do not like it when you decrypt them. I know a lot of the Microsoft sites are like this and its best to bypass decryption on them.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
