logs regarding SSL Inspection

Options
Motivio
Motivio Posts: 21 image  Freshman Member
Friend Collector First Anniversary
in Security
What does the following log for SSL Inspection mean?

"SSL Inspection
Pass unsupported suite [server] connection. Rule_id:3"

and

"[client finished]Receive fatal alert message: desc = 48(unknown_ca) => Block/Reset SSL session!"

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342 image  Zyxel Employee
    25 Answers First Comment Friend Collector

    Hi @Motivio,

    When you create SSL inspection profile, there is an option for “Action for connection with unsupported suit”.

    In this case, that event was created because one of client visited a website that it doesn’t supported by your SSL inspection’s suit, because it was chosen as “pass” so traffic were passed without inspecting.

    "[client finished]Receive fatal alert message: desc = 48(unknown_ca) => Block/Reset SSL session!"

    This device connects to server but local didn’t trust CA. So it created this log output.

     

    Can you try to update your certificates?

     

    (Configuration > UTM Profile > SSL Inspection > Certificate Update > Update Now)

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)