
TLS packets not being passed on one link

Hey there,

We've got a weird issue with one application failing because it looks like the XG isn't forwarding the TLS packets appropriately on one link.

A: XG135 (SFOS 19.0.1 MR-1-Build365)

10.109.10.250

B: XG330 (SFOS 19.0.1 MR-1-Build365)

10.100.25.19

Changes made:

- hostnames and IPs are already added to the exclusion lists

- Firewall rule is as close to any / any between these two hosts as you can get.

- nothing in the logs to indicate that the packets are being dropped.

- all SSL/TLS inspections bypassed

- secondary link changed to primary via gateway manager

Packet captures at the ingress and egress ports on the XG135 show that TLSv1.2 initiation packets are not being passed on to the second link. Attached images show the end PC sending a 'Client Hello' packet and receiving a 'Server Hello' return when on the main link. However, when changed to the secondary, these packets are again sent to the XG135 but are not being egressed to the secondary MPLS link, just repeatedly being sent. (Timestamps may be a little out, but trust me, it's the same every time.)

EGRESS PRIMARY

SECONDARY

PC IN

XG EGRESS

Any help would be greatly appreciated


