Hey guys,
I hope someone might have some experience with this. I have had a case in escalation for more than a month now and we have not gotten any closer to solving this. Here is what happened... we enabled HTTPS inspection, created a cert (validity of 10 years), installed it on a few Windows machines, works like a charm, users are blocked based on access roles assigned in URL rules... BUT, on Mac, once we import the cert into keychain system, it works for, say, a few hours, then with no changes, stops the next day. We tried different OS versions, different machines, no luck.
I even called Apple support, but they were not much help at all. They did try a few things, such as deleting and re-importing the cert, but no dice.
If anyone has experienced the same issue before, please feel free to share any suggestions. The real issue is that when this happens, the pdp monitor command on the fw ONLY shows the machine identity and NOT the user, though nothing on the AD server would have changed at all.
Very frustrating...
Andy