DPI error 19006: googleapis.com - Failure to pass SafetyNet validation.

Version: SFOS 18.0.0 EAP3-Refresh1

An environment under a generic firewall enforcement configuration. I have not applied the security configuration such as a web filter.

Android does not pass Google Play Services SafetyNet validation.

Is anyone reproduced?

Validation can be passed to Android's cache. Please be careful about reproduction.

Parents
  • Video record is here

    and. The SSL / TLS inspection log shows no sign.

    Video time is 23:18. The last log timestamp is 23:17.

  • When using proxy mode, you can see the checkbox for HTTPS decryption is unchecked.
    When using DPI mode, the HTTPS inspection is controlled by the rules in the SSL/TLS inspection rules tab.
    I don't know what safetynet uses, but can you temporarily disable all scanning rules (or put in a high level Do Not Decrypt rule in) and try again.
    I just want to make sure you are doing an apples-to-apples comparison.

    I am surprised that in all of that, the TLS log for that IP only shows one thing and for an unrelated domain.
    That's why I am asking to test with making sure all traffic is Do Not Decrypt.

Reply
  • When using proxy mode, you can see the checkbox for HTTPS decryption is unchecked.
    When using DPI mode, the HTTPS inspection is controlled by the rules in the SSL/TLS inspection rules tab.
    I don't know what safetynet uses, but can you temporarily disable all scanning rules (or put in a high level Do Not Decrypt rule in) and try again.
    I just want to make sure you are doing an apples-to-apples comparison.

    I am surprised that in all of that, the TLS log for that IP only shows one thing and for an unrelated domain.
    That's why I am asking to test with making sure all traffic is Do Not Decrypt.

Children