Shall we start this new thread with the looks and feels of XG v18 MR-3?
Still not possible to get rid of theese? - 6 and 7 MONTHS old messages??
DPI TLS/SSL engine is still a mess. After upgrading to MR3, I enabled a firewall rule to use DPI instead of web proxy to test. One of the users who hits the rule called me to tell me he couldn't access a site (AOL mail) today. The error Chrome gives him is "ERR_CONNECTION_RESET." I looked in the logs, the TLS/SSL logs show no errors related to this site, in facts shows successful decryption. The Policy Tester shows it is allowed. No errors shown on the Control Center page under the TLS/SSL Connections widget. It just doesn't work with no explanation given at all on the XG. Add the URL as a Local TLS Exception and it works perfectly. I should add, the traffic works fine and is decrypted properly using Web Proxy engine.
I still can't believe this "feature" is in wide use in actual medium to large scale businesses. The web is vast and I can't imagine administrators sitting around all day chasing down broken sites to exclude due to the the DPI engine.
Oh, and FLOW_TIMEOUTs are still plentiful in MR3.
We have been using TLS/SSL for 200 + users and working.... need exception on some site which are non compliant.
please post a copy of your SSL/TLS setup so we can see where we are making mistakes.