DPI Problem "Dropped due to TLS engine error: FLOW_TIMEOUT[5]"

Our customer has a production machine, which tries to connect via proprietary SSLVPN to a remote server via IP address.

There is no webfilter enabled on the firewall rule

and the following exceptions are in place:

excluded IP address via webfilter exceptions

As soon as DPI is turned on, the machine is unable to connect to the remote server.

From the DPI log I can see the following entry:

SSL/TLS inspection
2021-06-24 14:38:59
messageid="19006" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="10.*.*.*" dst_ip="194.*.*.*" user_group="" src_country="R1" dst_country="DEU" src_port="47520" dst_port="443" app_name="" app_id="0" category="IPAddress" category_id="83" con_id="803011456" rule_id="1" profile_id="1" rule_name="Exclusions by website or category" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="" sni="194.*.*.*" tls_version="Unknown" reason="Dropped due to TLS engine error: FLOW_TIMEOUT[5]" exception="av,https,validation,policy,sandstorm" message=""

Even though it seems like the traffic matched the exception rules.

How can I bypass the DPI at all?
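
An added example (not part of the original post and not Sophos code): splitting the log entry above into fields puts the matched rule, the listed exceptions and the engine error side by side. It assumes the key="value" layout shown in the entry; the function names, the shortened copy of the entry, and the reading of an empty cipher_suite with tls_version="Unknown" as "no handshake parameters recorded" are assumptions.

```python
import re

# Shortened copy of the entry quoted in the post (addresses masked by the poster).
SAMPLE = (
    'messageid="19006" log_type="SSL" log_subtype="Error" src_ip="10.*.*.*" '
    'dst_ip="194.*.*.*" dst_port="443" rule_id="1" '
    'rule_name="Exclusions by website or category" '
    'profile_name="Maximum compatibility" cipher_suite="" sni="194.*.*.*" '
    'tls_version="Unknown" '
    'reason="Dropped due to TLS engine error: FLOW_TIMEOUT[5]" '
    'exception="av,https,validation,policy,sandstorm"'
)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
REASON_RE = re.compile(r'TLS engine error: (\w+)\[(\d+)\]')
IPV4_RE = re.compile(r'[\d*]+(\.[\d*]+){3}')  # also accepts masked octets ("*")


def parse_entry(line):
    """Split a key="value" log entry into a dict (layout assumed from the post)."""
    return dict(FIELD_RE.findall(line))


def triage(fields):
    """Collect the fields that describe how the connection was handled."""
    reason = REASON_RE.search(fields.get("reason", ""))
    return {
        # Which SSL/TLS inspection rule the connection matched
        "rule": fields.get("rule_name", ""),
        # Exceptions the entry lists for this connection
        "exceptions": [e for e in fields.get("exception", "").split(",") if e],
        # Engine error name and numeric code from the reason string
        "engine_error": reason.group(1) if reason else None,
        "engine_code": int(reason.group(2)) if reason else None,
        # Assumption: empty cipher_suite / Unknown version = nothing recorded
        "handshake_recorded": bool(fields.get("cipher_suite"))
        and fields.get("tls_version", "Unknown") != "Unknown",
        # The sni field carries an IP address rather than a host name
        "sni_is_ip": bool(IPV4_RE.fullmatch(fields.get("sni", ""))),
    }


if __name__ == "__main__":
    for key, value in triage(parse_entry(SAMPLE)).items():
        print(f"{key}: {value}")
```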


