Roy_Smith
Collaborator

What does "couldn't start inspection" mean?

Hi

In our logs, I see the message shown in the attached image. SSL Inspection blade is running and working, as I see other events with an HTTPS inspection status of inspect and bypass. What does "Internal system error in HTTPS Inspection (Couldn't start inspection)" really mean?

I think we always had these log entries but they seem to have increased considerably over the past few weeks from approx. 20K to over 300K per day. I'm still trying to track down what, if anything, changed when this increase first started but I'm curious about the message in the screenshot. If anyone has any ideas that would be great.

Many Thanks
Roy

 

2 Replies
PhoneBoy
Admin

What version of code?
It could be that the gateway is encountering unsupported ciphers or a client certificate.
In which case it will fail open/closed depending on the relevant setting.
0 Kudos
Roy_Smith
Collaborator

We are running VSX R80.10 Take189. We are due to upgrade to R80.30 at the end of February. 

I had actually wondered about cipher suites, as I know R80.10 does not have the same support as R80.30.  I don't suppose you can find out what ciphers are being negotiated during the session?

Yesterday, I changed to fail-open in app control. It did not appear to make much difference, but I will monitor it today.

What is strange is that the spike appears at the same time each day this week and lasts for 1-2 hours. It does not seem to be related to a specific site or even a small number of sites, as I have seen the logs generated for over 100 different applications.

Thanks
Roy

0 Kudos
