Hi folks,

I'm managing two different clusters of R77.30 from the same SMS and it turns out that this "Categorize HTTPS Sites" can't be handle individually. If I tick the checkbox on and load the other cluster's policy, is on, if I tick it off and load the other cluster's policy, is off. So ok, seems to only be able to handle 1 for all cluster managed by the SMS.

That's not my problem though. HTTPS Inspection on these clusters is disabled. It seems the previous admins set it all up but at some point they disabled it for some reason (I presume it was hw resources).

So when tasked to set up some access for VisualStudio stuff I ended up enabling this "Categorize HTTPS Sites" because the login domain for the whole thing wasn't being matched. This made it work.

Now the problem is, other traffic that was working without this feature got broken and it's not matching. For instance a simple rule with "Trend Micro Active Update" and a custom site for *.trendmicro.com stopped working. So if it's actually looking at the DN of the certificate how come it isn't matching.

The host resolves to an akamaiedge host but the certificate has TrendMicro.com on it.

Any ideas? I'm not sure what to expect from this setup without HTTPS Inspection. What I can tell is what was working before I turned that on and what got broken afterwards.