Support Center > Search Results > SecureKnowledge Details
HTTPS traffic is inspected when it is configured to be bypassed
Symptoms
  • HTTPS Inspection is configured to "Bypass" traffic, but eventually the traffic is inspected, while Probe Bypass is disabled (enhanced_ssl_inspection=0)
  • Running WSTLSD debug (sk105559) during the issue results in the following messages in $FWDIR/log/wstlsd.elg:

    The reply is too old
    Not expecting other replies for this level (1). Validation failed
    OCSP response time obsolete. Response considered unreliable.
    .
    .

    The OCSP reply shows:
    isReplyTimeRecent: nextUpdate (0) or thisUpdate (1546409382) not present, assuming information is always available


Cause

Parsing error occurred on the OCSP reply "nextUpdate" field causes a OCSP (CRL) validation failure.


Solution
Note: To view this solution you need to Sign In .