Scribd
Upload
16 views

Best Practices - iSSL - Troubleshooting Guide For Inline SSL

Uploaded by

chenminghao1982
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views

Best Practices - iSSL - Troubleshooting Guide For Inline SSL

Uploaded by

chenminghao1982
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

2018/10/30 Best Practices: iSSL: Troubleshooting guide for Inline SSL

Printable View | Help for this Page


iSSL: Troubleshooting guide for Inline SSL
Rate This Article (Average Rating: 3) Version 6 Click to add topics: Show Properties

Article Attachment Information

Article # 000003210

Title iSSL: Troubleshooting guide for Inline SSL

Objective What are the things to look for when troubleshooting Inline SSL

Environment GVUE­HC2
Procedure 1. Ensure Uboot is up­to­date. Please refer to KB 3103 for the pre­requisite requirements for Inline SSL.

show uboot
show version

2. Verify vport statistics. Ensure the numbers are incrementing. This will tell us if the traffic is making to the gigasmart card.

show vport stats all


show vport stats all (ensure the in and out numbers increment)

3. If traffic is received on vport however none of the traffic is getting decrypted. Please check that Primary signing CA is configu

show apps inline-ssl global

4. Check the forwarding state of Inline Network. Ensure it is in Normal state.


Please Note: If you see forwarding state as Abnormal, then it could be either Gigasmart card is down or the inline­tool has failed

show inline-network alias <Inline-Network-name>


show cards
show inline-tool (check the heart-beat)
show gsgroup stats all (check the gsgroup heartbeat)

5. Check Inline SSL session statistics. If there are active sessions that means Gigasmart is intercepting the traffic.

show apps inline-ssl session summary

6. Check the policy configuration and CA configuration is pushed to the Gigasmart. Ensure CA is set, Trust Store is set. Minium
version TLS1.2

show apps inline-ssl stats tls-proxy

Example snapshot:

Resolution: If the above is incorrect or not set or there is a parity between CLI configuration and what you see above,
a. Reload the gigasmart card.

card slot 5 down


no card slot 5 down

or
b. Disable and enable the specific setting should resolve this issue.

7. Whitelist / Blacklist issues / URL's not decrypting as per policy configuration ­ Customer has uploaded a whitelist but specific
vice­versa. Verify the whitelist and blacklist by running the following command.

Whitelist ­ No­Decrypt
Blacklist ­ Decrypt

show apps inline-ssl stats policy-dump

https://gigamon.my.salesforce.com/articles/Best_Practices/Troubleshooting-guide-for-Inline-SSL?popup=true 1/2
2018/10/30 Best Practices: iSSL: Troubleshooting guide for Inline SSL

8. Category lookup is failing or customer is trying a specific URL and it is not decrypting. Verify the Policy Verdict. This can be c

show apps inline-ssl stats policy-trace www.customerdomain.com

If lookup is pending, verify if the port eth2 is up and able to communicate to outside world.

show gigasmart engine details


gigasmart engine 1/1/e1 ping 8.8.8.8 start
gigasmart engine 1/1/e1 ping 8.8.8.8 stop

9. Website connectivity is intermittent. Webpage loads however page timesout sometime.


If webpage loading is intermittent, to isolate this issue, add the domain name as no­decrypt in the policy and re­verify. If the issu
that this is due to customer environment.

apps inline-ssl profile alias profile1


rule add domain www.chase.com no-decrypt

10.

Additional Notes

Internal Notes

Tag iSSL troubleshooting and monitoring tshoot troubleshoot inline ssl inline

Case Number Account Name Date/Time Opened Date/Time Closed Status Language Version Number
00113800 Robert W Baird & Co Inc 5/11/2018 6:37 AM 6/11/2018 8:19 AM Closed English 6
00106214 Gigamon Inc. 12/15/2017 12:23 AM 12/15/2017 1:40 AM Closed English 6
00101676 Fremont Bank 9/20/2017 12:01 PM 10/3/2017 11:27 AM Closed English 2
00096761 Gigamon Inc. 6/7/2017 1:34 AM 9/20/2017 8:25 AM Closed English 2
00100873 Gigamon Inc. 9/6/2017 2:52 AM 9/6/2017 9:04 AM Closed English 2

Show more »

https://gigamon.my.salesforce.com/articles/Best_Practices/Troubleshooting-guide-for-Inline-SSL?popup=true 2/2

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy