We witnessed a very strange phenomenon this morning.
First we received a call that our VPN gateway was not accepting any VPN connections.
At the same time we received calls that certain websites were not accessible. These websites had in common that they were SSL encrypted.
We have 2 PA-500 firewalls with an HA configuration.
SSL decryption is enabled for certain networks (workstations). SSL decryption uses a different certificate than our VPN gateway.
Both certificates are valid.
As soon as we turned off SSL decryption, the VPN gateway started to accept connections.
When we turned SSL decryption back on we noticed that some websites were decrypted while others were not.
The sites that were not decrypted should have been decrypted. They were not in the "Do-not-Decrypt" list.
To be certain the firewall was doing the job right, I deleted the certificate cache on my browser. I also visited sites that were SSL encrypted which I had not visited before.
We are a bit puzzled about what happened here. Currently we have SSL decryption turned off but would like to have it on again.
The PA-500 is a few software versions behind. Currently on version 7.1.2.
I have tried to find anything related in the release notes of the newer versions that might indicate a problem with our current version. I was not able to find this.
Any ideas what might be going on?