Issue Summary: Slow Speed test SSL/TLS Inspection Summary of Call Discussion: Traffic for the test system (172.xxx.xx.8) was passing through rule ID #2. We observed a speed of 36 Mbps with the SSL/TLS inspection rule enabled. After disabling the rule, the speed increased to 216 Mbps. It appears that a custom SSL/TLS rule was created for LAN to WAN traffic with the action set to "decrypt." We changed the action to "don't decrypt," and now the speed has increased to 221 Mbps. Note that, based on your custom policy, the firewall will still block insecure SSL connections and protect the LAN network. The issue is resolved. Below shows Don't decrypt on all rules as recommended by support: It has been one day since the change was made and now control center shows: Am I missing an inspection rule? It would seem that the XG115 is no longer inspecting any encrypted traffic.

TLS Inspection Rules

Jason M 4 days ago

Issue Summary: Slow Speed test SSL/TLS Inspection

Summary of Call Discussion:

Traffic for the test system (172.xxx.xx.8) was passing through rule ID #2.
We observed a speed of 36 Mbps with the SSL/TLS inspection rule enabled.
After disabling the rule, the speed increased to 216 Mbps.
It appears that a custom SSL/TLS rule was created for LAN to WAN traffic with the action set to "decrypt."
We changed the action to "don't decrypt," and now the speed has increased to 221 Mbps.
Note that, based on your custom policy, the firewall will still block insecure SSL connections and protect the LAN network.
The issue is resolved.

Below shows Don't decrypt on all rules as recommended by support:

It has been one day since the change was made and now control center shows:

Am I missing an inspection rule? It would seem that the XG115 is no longer inspecting any encrypted traffic.

Edited TAGs
[edited by: Erick Jan at 11:52 PM (GMT -7) on 10 Oct 2024]

Parents

Reply

Children

No Data