ssl-inbound inspection problem

Showing results for 
Show  only  | Search instead for 
Did you mean: 

ssl-inbound inspection problem

L1 Bithead

Hello everyone.


i'm configuring decryption with ssl-inbound inspection towards a nas synology via DNAT port-forwarding but i'm having trouble working with the following error that gives me the browser "PR_END_OF_FILE_ERROR". DNAT without ssl-inbound inspection works fine without certificate errors if I try to reach the web server from outside.

I have imported the certificate and the priv-key of the synology correctly on the fw and applied to the decryption policy, but I doubt that the zone-level decryption policy is wrong.

I post a couple of screens for completeness, decrypt, nat, security and logs











Actually topology:  internet--->router(dnat to ptp-fw)--->FW(dnat to synology TCP 5001)---->SYNOLOGY


Thanks in advice,






L6 Presenter

There are other posts for such issues and you can google them but "PTP-FW-WAN2" is the destination address in your nat and security policies and for the security policy I think it should the translated internal zone address "SYNLOGY-NAC-...".



If you still have issues see drop packet captures, global counters, flow basic etc:




Still check that the app is indeed using normal SSL and that it is not using pinned SSL certs that can't be decrypted. You can look at the SSL logs:


L6 Presenter

If you managed to get the needed answers, please flag the question as answered.

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!