Hi guys,

We witnessed a very strange phenomenon this morning. First we received a call that our VPN gateway was not accepting any VPN connections. At the same time we received calls that certain websites were not accessible. These websites had in common that they were SSL encrypted.

We have 2 PA-500 firewalls with a HA configuration. SSL decryption is enabled for certain networks (workstations). SSL decryption uses a different certificate than our VPN gateway. Both certificates are valid.

As soon as we turned off SSL decryption, the VPN gateway started to accept connections. When we turned SSL decryption back on we noticed that some websites were decrypted while others were not. The sites that were not decrypted should have been decrypted. They were not in the "Do-not-Decrypt" list. To be certain the firewall was doing the job right, I deleted the certificate cache on my browser. I also visited sites that were SSL encrypted which I had not visited before.

We are a bit puzzled about what happened here. Currently we have SSL decryption turned off but would like to have it on again.

The PA-500 is a few software versions behind. Currently on version 7.1.2. I have tried to find anything related in the release notes of the newer versions that might indicate a problem with our current version. I was not able to find this.

Any ideas what might be going on?

Remko