02-09-2023 06:21 AM
How do I find from the firewall which backend server is not matching the certificate/key here. Alert doesn't give much information. We have about 20 servers behind with inbound decryption.
02-10-2023 06:27 AM
If you look at the decrypt logs and you're logging all inbound traffic's URLs you can sometimes actually decipher or at least see the base URL even when you have a proxy failure. I'm assuming that you're using a wildcard certificate since you're having a hard time identifying the actual requested resource, so if that's not recorded in your logs you may have to attempt to "trace" the traffic and see if you can't see a link or something that they hit from another one of your resources.
It can also be helpful if you have the same public IP constantly pinging the resource to, if policy allows, just temporarily exclude it from inbound decryption after ensuring that all URL categories on the allowing security entry is set to at least 'alert' so it gets recorded. This will at least give you the base URL requested, as I assume that will let you identify the resource that isn't getting decrypted properly within your environment.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
