Probe Bypass is initiated on non-SSL connection
Symptoms
  • With HTTPS Inspection enabled, an application that uses a non-standard port for its HTTP connection causes the Probe Bypass feature to run on the connection, which holds the SYN until it times out.

  • Kernel debug shows that the port of the connection is not 443 but 8080:

    fwconn_lookup: conn <dir 0, 192.168.10.159:14125 -> 166.125.252.208:8080 IPP 6>;

    The rulebase then returns a possible match and the feature is enabled:

    PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: rulebase match returned: POSSIBLE;
    PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: status is 'POSSIBLE';
    PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: _chain->packetid = 148692520;
    PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: found = 0;
    PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: enhanced_ssl_inspection = 1;


    The SYN packet is then put on HOLD:

    fw_handle_first_packet: Rulebase returned HOLD;
    fw_handle_first_packet: match on rule 1;
    fw_rule_count_count: counting one more connection on rule 1 (total 31563);
    fw_service_count_count: not counting service since service count is disabled;
    fw_filter_chain: handle_first_packet returned action HOLD for new conn;
    fw_filter_chain: Final switch, action=HOLD;


  • With the enhanced_ssl_inspection property set to 0, the problem does not occur.
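
The symptom chain above can be checked mechanically over a saved kernel debug. The following is an added example, not Check Point code: it flags connections whose destination port is not 443 but which received an HTTPS Inspection rulebase result of POSSIBLE followed by a final HOLD. The function name, the second connection in the sample, and the assumption that a connection's lines follow its fwconn_lookup line without interleaving are assumptions of the example.

```python
import re

# Line shapes taken from the kernel debug excerpt on this page.
CONN_RE = re.compile(
    r"fwconn_lookup: conn <dir \d+, (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) IPP \d+>")
POSSIBLE_RE = re.compile(r"rulebase_SYN_ex: rulebase match returned: POSSIBLE")
ENHANCED_RE = re.compile(r"enhanced_ssl_inspection = (\d)")
HOLD_RE = re.compile(r"fw_filter_chain: Final switch, action=HOLD")


def find_probe_bypass_holds(lines, ssl_ports=(443,)):
    """Return connections to non-SSL ports whose SYN was held after an
    HTTPS Inspection rulebase match of POSSIBLE. Assumes (hypothetically)
    that each connection's lines are contiguous; real debugs may interleave."""
    findings, cur = [], None
    for line in lines:
        m = CONN_RE.search(line)
        if m:  # a new connection starts; track its state
            cur = {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
                   "possible": False, "enhanced": None}
            continue
        if cur is None:
            continue
        if POSSIBLE_RE.search(line):
            cur["possible"] = True
        elif ENHANCED_RE.search(line):
            cur["enhanced"] = int(ENHANCED_RE.search(line).group(1))
        elif HOLD_RE.search(line):
            # Final verdict for this connection: report only the bad combination
            if cur["possible"] and cur["dport"] not in ssl_ports:
                findings.append(cur)
            cur = None
    return findings


# Sample input: first connection copied from the page, second one is constructed.
SAMPLE = """\
fwconn_lookup: conn <dir 0, 192.168.10.159:14125 -> 166.125.252.208:8080 IPP 6>;
PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: rulebase match returned: POSSIBLE;
PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: enhanced_ssl_inspection = 1;
fw_filter_chain: Final switch, action=HOLD;
fwconn_lookup: conn <dir 0, 192.0.2.10:40000 -> 198.51.100.5:443 IPP 6>;
PID:{ssl_insp} fw_https_inspection_exe_rulebase_SYN_ex: rulebase match returned: POSSIBLE;
fw_filter_chain: Final switch, action=HOLD;
""".splitlines()

if __name__ == "__main__":
    for f in find_probe_bypass_holds(SAMPLE):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} held, enhanced={f['enhanced']}")
```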
Solution