TLS Inspection Rules

Question

Issue Summary: Slow Speed test SSL/TLS Inspection Summary of Call Discussion: 
 
 Traffic for the test system (172.xxx.xx.8) was passing through rule ID #2. 
 We observed a speed of 36 Mbps with the SSL/TLS inspection rule enabled. 
 After disabling the rule, the speed increased to 216 Mbps. 
 It appears that a custom SSL/TLS rule was created for LAN to WAN traffic with the action set to "decrypt." 
 We changed the action to "don't decrypt," and now the speed has increased to 221 Mbps. 
 Note that, based on your custom policy, the firewall will still block insecure SSL connections and protect the LAN network. 
 The issue is resolved.

Below shows Don't decrypt on all rules as recommended by support:

It has been one day since the change was made and now control center shows: 
 
 Am I missing an inspection rule? It would seem that the XG115 is no longer inspecting any encrypted traffic.

dirkkotte · Accepted Answer

Hello Jason M, yes, you are right, there must be an SSL inspection rule with the action "decrypt". Otherwise, SSL is checked but not decrypted. 
 According to the data sheet, a maximum of 130 MBit SSL decryption is possible with the XG115... under ideal conditions (possible, without other features) So the shown performance may be ok. 
 Full disabling the decryption should not be the solution, because the antivirus can't scan the content anymore.

TLS Inspection Rules

Top Replies