Who rated this post

Showing results for 
Search instead for 
Did you mean: 

I am still trying to understand the original statement. You said, according to wireshark, 8kb of traffic passed. Where did you run the whireshark? Client side, server side, FW itself? There is not enough info to answer your question properly.

All I can say at this point, the traffic passed seems to be related to HTTPSi validation of the application to block. 

Other than TLS handshake (not TCP handshake which is part of communication, but should not be as big as 8K), no actual data should pass. TLS handshake only includes certificate validation and authentication.

View solution in original post

Who rated this post