09-29-2017 11:12 AM - edited 09-29-2017 11:13 AM
While investigating some SSL decryption niggles we seem to be seeing inconsistent decryption.
In simple terms we expect to decrypt www.facebook.com, www.linkedin.com - I can access the sites in a browser and they will be (tested by checking the issuer on the server cert), but then test again 2 minutes later and they're not (original cert being returned).
I have checked the number of active SSL sessions and it's <10% device spec, nothing is being logged to indicate we've hit any resource limits etc. Is there anything else I can check - am I missing something obvious anyone can think of?
As part of this testing I've tried using SSLScan\Nmap to inspect returned certs via the command line and they either don't work (another question - would we expect an SSLScan probe to trigger decryption) or they are similarly affected.
It almost appears as if it was me scanning thru the Palo with these tools that seems to cause the issue (either that or we've been having inconsistent decryption for a lot longer and just hadn't noticed).
Any ideas welcome before I raise an official support call.
Rgds