Observed behavior:
In the log viewer and Control Center "SSL/TLS inspection" Report, show me allways the FTP application.
Desired:
the correct application detected must be HTTP or XMPP for example
Reproduce it:
Browse in internet any web page, open the Log Viewer , Go to SSL/TLS inspection, it show always FTP application.
Supporting logs:
messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="4088" bytes_received="5952" dst_ip="172.217.192.84" user_group="" src_country="R1" dst_country="USA" src_port="1185" dst_port="443" app_name="FTP" app_id="0" category="Information Technology" category_id="29" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" fingerprint="2a:73:1e:c3:0f:7f:db:8c:1d:a7:d" session="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_128_GCM_SHA256" sni="accounts.google.com" tls_version="TLS version - 1.3" reason="" exception="" message=""
messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="1001" bytes_received="6332" dst_ip="52.201.19.143" user_group="" src_country="R1" dst_country="USA" src_port="1257" dst_port="443" app_name="FTP" app_id="0" category="News" category_id="41" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" fingerprint="46:f9:5b:ca:7a:bc:b6:ed:7d:cb:5" session="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="especial.elcomercio.pe" tls_version="TLS version - 1.2"
messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="4982" bytes_received="477198" dst_ip="xxxxx" user_group="" src_country="R1" dst_country="PER" src_port="32697" dst_port="5222" app_name="FTP" app_id="0" category="General Business" category_id="6" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Invalid issuer" key_type="KEY_TYPE__RSA" fingerprint="ce:ec:63:8a:59:82:37:02:f2:f2:0" session="0" cert_chain_served="FALSE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="chasqui.yachay.pe" tls_version="TLS version - 1.2" reason="" exception="" message=""