06-16-2021 06:21 AM
My organization is in the process of moving from one VPN solution to GlobalProtect. We are seeing several applications being unable to run certain features, or run successfully at all, and the error logs appear similar to this (I say similar because this specific message is from one application, others may vary, but all are similar):
06-16-2021 11:49 AM
While I would love to tell you to decrypt everything, some things just break when you do. I would suggest not decrypting that traffic.
06-16-2021 12:09 PM
Yeah, but then I have to bypass decryption on AWS, Azure, and GCP IP blocks... That seems entirely unreasonable.
06-16-2021 12:15 PM
Yes, I agree. However, you can use one or more of the other options to get a bit more granular/generic.
06-17-2021 08:39 PM
That's where the URL category would be recommended when creating your exception. So instead of excluding AWS/Azure/GCP, you would focus more on what resources are actually causing the issue and where the Java application is trying to fetch them from. Then just build out an exception for those URLs.
06-19-2021 12:55 PM
How does your trust path to the root CA look?
Is it root > intermediate > decryption CA? Did you also try to import the decryption CA into the Java trust store? And this question might be obvious, but did you make sure to import the CA certs as trusted issuer/CA certs?