Hoping to get a little feedback regarding inbound SSL decryption. We have been doing inbound SSL decryption on our public presence on version 8.0.7. Things have been going relatively well, but I am running into some issues and I am not sure if I can fix them at the firewall level. Where I am running into issues is when we have multiple certs applied on a load balancer to a single IP which is behind the firewall.

Example: IP address 1.2.3.4 (the following sites all resolve to this single IP address):

- Decrypt rule 1 = use cert on LB (wildcard cert *.domain.com) to 1.2.3.4: www.domain.com, bob.domain.com, ie.domain.com (all using *.domain.com). Decrypting as expected, no issue.
- Decrypt rule 2 = use cert on LB (*.domain1.com) to 1.2.3.4: domain1.com, cars.domain1.com. No decryption happening; traffic logs show a session end reason of decrypt-error and there are no URL traffic logs (for HTTPS; if the site is HTTP, URL logs appear as expected), but I can get to the website as normal.

Also, other sites (www.domain3.com, domain4.com, etc.) on this IP 1.2.3.4 with a different domain and no decrypt rule have the same symptoms as decrypt rule 2.

My question is: is there a way to decrypt to a single IP using multiple certs? Also, is there an explanation for why HTTPS URL logs do not show when decryption errors occur in the traffic logs? All testing has been completed with IE and Chrome.
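Added example, not part of the post above: a small Python helper for checking which of the hostnames sharing one IP are covered by which loaded certificate. The matcher follows the RFC 6125 wildcard rule (a `*` covers exactly one left-most label, so `*.domain1.com` covers `cars.domain1.com` but not `domain1.com`), and the optional `probe_sni` function connects to the IP with a given SNI to show which certificate the load balancer actually presents; `1.2.3.4` and the hostnames are the post's own placeholders.

```python
"""Map hostnames on a shared IP to the TLS certificate that covers them."""
import socket
import ssl
from typing import Dict, Iterable, List, Optional, Union


def hostname_matches(hostname: str, san_names: Iterable[str]) -> bool:
    """RFC 6125 style matching, case-insensitive. A wildcard is only valid as
    the whole left-most label and must leave at least two fixed labels."""
    host = hostname.lower().rstrip(".").split(".")
    for san in san_names:
        labels = san.lower().rstrip(".").split(".")
        if len(labels) != len(host) or "*" in labels[1:]:
            continue
        if labels[0] == "*" and len(labels) >= 3:
            if labels[1:] == host[1:]:
                return True
        elif labels == host:
            return True
    return False


def coverage(hostnames: Iterable[str], certs: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """For each hostname, name the first loaded cert whose SANs cover it, or
    None when no loaded cert matches (the firewall then has no matching key)."""
    return {h: next((name for name, sans in certs.items()
                     if hostname_matches(h, sans)), None) for h in hostnames}


def probe_sni(ip: str, hostname: str, port: int = 443, timeout: float = 5.0) -> Union[List[str], str]:
    """Connect to `ip` with SNI `hostname` and return the DNS SANs of the cert
    the server presents, or a short message if it fails hostname verification."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    except ssl.SSLCertVerificationError as exc:
        return f"cert does not match {hostname}: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed input mirroring the post: two wildcard certs for one IP.
    loaded = {"*.domain.com": ["*.domain.com"], "*.domain1.com": ["*.domain1.com"]}
    hosts = ["www.domain.com", "bob.domain.com", "ie.domain.com",
             "domain1.com", "cars.domain1.com", "www.domain3.com"]
    for host, cert in coverage(hosts, loaded).items():
        print(f"{host:18} -> {cert or 'no loaded cert covers this name'}")
    # Live check against the real LB (needs network): probe_sni("1.2.3.4", "domain1.com")
```

Running the offline part shows that the bare apex `domain1.com` and `www.domain3.com` have no covering certificate, while the live probe reveals which SANs the load balancer really serves for each SNI so they can be compared with the certificates loaded on the firewall.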