I have a problem regarding the connection for transit HTTPS traffic. We attempted to dump using PCAP by setting up the datapath-debug. The following is the result of the PCAP.
TCP dump, failed TLS.
At this point the source host sends the hello packet to the server. But it seems the server didn't reply with a hello packet to the client. The following should depict a successful TLS connection.
Is there something not configured on SRX?
Does the policy that permits the traffic have deep inspection or decryption enabled?
If so these may be doing something unexpected. If not, then there is nothing the SRX is doing to the stream that would affect the transaction.
We have no SSL inspection enabled. Can you tell me how to check the decryption on SRX?
Please note, the following are the valid sessions regarding my first post. The destination host might not be the same because the source host randomizes the IP address based on their service.
valid session on https and TLS
We can see if the content of the policy has any references to the inspection engines.
show configuration security policies from-zone AAA to-zone BBB policy Forti_Webservice
look for application-services utm-policy
or : application-firewall
SSL decryption is activated in the policy as well using ssl-proxy
If none of these are active then the session is being permitted and not manipulated so the issue will be outside the SRX.
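The check described in this answer, as an added example that is not part of the original thread: a Python script that reads the brace-style policy output and lists which application-services each policy attaches. The sample configuration, the policy name Inspected_Example and both profile names are constructed for illustration.

```python
# Constructed sample in the brace format printed by "show configuration".
# Inspected_Example and both profile names are made up for illustration.
SAMPLE = """
from-zone AAA to-zone BBB {
    policy Forti_Webservice {
        then {
            permit;
        }
    }
    policy Inspected_Example {
        then {
            permit {
                application-services {
                    utm-policy example-utm;
                    ssl-proxy {
                        profile-name example-ssl;
                    }
                }
            }
        }
    }
}
"""

def inspection_services(config_text):
    """Return {policy name: sorted application-services attached to it}."""
    stack, found, policy = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "}":
            if stack and stack.pop().startswith("policy "):
                policy = None  # the policy's own block just closed
            continue
        if not line or line.startswith("#"):
            continue
        node = line.rstrip("{;").strip()
        parent = stack[-1] if stack else None
        if line.endswith("{"):
            stack.append(node)
            if node.startswith("policy "):
                policy = node.split()[1]
                found[policy] = set()
        # Direct children of application-services are the inspection features.
        if policy and parent == "application-services":
            found[policy].add(node.split()[0])
    return {name: sorted(svcs) for name, svcs in found.items()}

if __name__ == "__main__":
    for name, services in inspection_services(SAMPLE).items():
        print(name, "->", ", ".join(services) or "permit only, no inspection")
```

A policy that maps to an empty list is a plain permit, which is the case where the SRX is not manipulating the stream.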
We don't have utm-policy or ssl-proxy configured on the security policy. It just simply permits the connection.
https security policy.
Then it would be as you said, the problem might be outside of the SRX.
Right, there is no inspection present on this policy that would drop some packets in the stream, then.
Thanks, the problem is just solved. The host TCP traffic is encrypted by SSL. Then we use transit toward the SSL proxy server to make it work well.