
Encountering empty_ssl_conn only in proxy mode.

Question asked by Vladimir Yakovlev Champion on Jul 27, 2018

When SSL is inspected inline, the actions on sites work as intended, i.e. blocking, allowing and UserCheck all work fine.

When the same gateway is defined as an explicit proxy, empty_ssl_conn is seen in the logs, even if the resource is properly identified:

Id: c0a8071e-6111-8a0a-5b5a-2fbf0b6b0013
Marker: @A@@B@1532577600@C@235894
Log Server Origin: 192.168.7.30
Time: 2018-07-26T20:31:59Z
Interface Direction: inbound
Interface Name: eth2
Id Generated By Indexer: false
First: true
Sequencenum: 48
HTTPS Inspection Action: Inspect
Resource: www.facebook.com
HTTPS Validation: empty_ssl_conn
Source: 10.101.25.10
Source Port: 64288
Destination: 10.101.25.1
Destination Port: 8080
IP Protocol: 6
Action: Detect
Type: Log
Policy Name: GW8010-Composite-Demo
Policy Management: SMS8010
Db Tag: {13210426-FAE9-A64B-A601-5FA02638CB1A}
Policy Date: 2018-07-26T20:04:22Z
Blade: HTTPS Inspection
Origin: GW8010
Service: TCP/8080
Product Family: Network
Interface: eth2
Description: www.facebook.com Detected

There are exactly two SKs referencing "empty_ssl_conn":

sk107755 and sk113172

and both are not applicable, as proven by the successful treatment by inline HTTPS and the fact that in explicit proxy mode the connection is not terminated, but allows pages to load.

Has anyone seen this behavior and what remediation steps helped to troubleshoot this?

Thank you,

Vladimir 
