Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

TLS Inspection Rules

Issue Summary: Slow Speed test SSL/TLS Inspection

Summary of Call Discussion:

  • Traffic for the test system (172.xxx.xx.8) was passing through rule ID #2.
  • We observed a speed of 36 Mbps with the SSL/TLS inspection rule enabled.
  • After disabling the rule, the speed increased to 216 Mbps.
  • It appears that a custom SSL/TLS rule was created for LAN to WAN traffic with the action set to "decrypt."
  • We changed the action to "don't decrypt," and now the speed has increased to 221 Mbps.
  • Note that, based on your custom policy, the firewall will still block insecure SSL connections and protect the LAN network.
  • The issue is resolved.

Below shows Don't decrypt on all rules as recommended by support:

It has been one day since the change was made and now control center shows: 

      

Am I missing an inspection rule?  It would seem that the XG115 is no longer inspecting any encrypted traffic.



Added Firmware tag from case
[edited by: Erick Jan at 4:35 AM (GMT -7) on 17 Oct 2024]