Do not decrypt profile not working correctly?

I've got an Toon Thermostat, that creates an openVPN connection to the eneco datacenter for transmitting the usage data, as soon as i enable the SSL/TLS inspection the display shows "no connection to service center. I've created an rule that says "dont decrypt" for that specific host and even the complete network but still it fails on connecting, i guess this problem will occure for more iot devices when the SSL/TLS engine is turned on. When it doesnt connect there is nothing visible in the SSL/TLS inspection logviewe except from "do not decrypt"

Parents
  • Just to be sure:

    You are running EAP3 Refresh1? 

    Does it work, if you disable "all" SSL Rules? 

    __________________________________________________________________________________________________________________

  • Hi,

    I suspect that a bug that I thought was fixed in EAP3 refresh 1 still exists. I have been debugging a security camera installation for over a week and finally got it to work tonight by using the proxy in lieu of firewall rules with no features enabled - allow any, when refined it to the ports showing in the web logs issue started occurring. I was seeing lots of IPS issues, but nothing in the logs either IPS or TLS. Tonight I reviewed the GUI TLS errors and see a number of internal error 19006 for a number of applications.

    I also added URLs to the TLS exception list to no benefit.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi,

    I suspect that a bug that I thought was fixed in EAP3 refresh 1 still exists. I have been debugging a security camera installation for over a week and finally got it to work tonight by using the proxy in lieu of firewall rules with no features enabled - allow any, when refined it to the ports showing in the web logs issue started occurring. I was seeing lots of IPS issues, but nothing in the logs either IPS or TLS. Tonight I reviewed the GUI TLS errors and see a number of internal error 19006 for a number of applications.

    I also added URLs to the TLS exception list to no benefit.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data