A10 Thunder, SSL inspection and bypass troubles


This topic contains 0 replies, has 1 voice, and was last updated by manilaboy1vic 3 months ago.

  • #16722

    Hi,

    I am posting regarding some troubles I am seeing on my network.

    We do have an A10 Thunder doing SSL decryption and re-encryption.

    Here is a description of a problem I am investigating:

    I'm trying to install software on my PC, which fails.

    I also have a laptop which bypasses the A10 completely and the software install passes.

    I performed a Wireshark capture on both laptops to compare. I suggested whitelisting some domains and the issue still fails when going through the A10. I have worked with the software developer as well; they advised to whitelist two particular domains, which we have done. The PC going through the A10 still fails.

    Can you advise of any next steps or troubleshooting advice?

    The main issue I'm seeing is:

    TLSv1 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)

    This Alert is from a frame where the source IP is my PC and the dest IP is this application server.

    Also, the ‘certificate’ frame on the capture, with the SRC being the application server, shows the CA which is used with the A10. If I am whitelisting the application server domain, how is there traffic still being decrypted?

    Basically the capture looks like:

    src: PC dst: app server = syn
    src: app server dst: PC = syn, ack
    src: PC dst: app server = ack
    src: PC dst: app server = Client hello
    src: app server dst: PC = server hello
    src: app server dst: PC = psh, ack
    src: app server dst: PC = Certificate
    src: app server dst: PC = Server Key Exchange, hello done
    src: PC dst: app server = ack
    src: PC dst: app server = (Level: Fatal, Description: Certificate Unknown)

    Any help would be greatly appreciated.

    Thanks,

    jv
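
The alert quoted in the post can be decoded directly from the captured record bytes. The following is an added example, not part of the original post: a small Python decoder for plaintext TLS alert records, run over constructed sample bytes (`SAMPLE_CLIENT_STREAM` and the function names are assumptions for illustration).

```python
import struct

# Subset of the RFC 5246 section 7.2 alert descriptions that relate to certificates.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
CONTENT_TYPE_ALERT = 21

# Constructed sample of the PC -> server direction: one handshake record with
# placeholder body bytes, followed by an alert record like the one in the post.
SAMPLE_CLIENT_STREAM = bytes.fromhex("1603010004deadbeef" "1503010002022e")


def parse_alerts(stream: bytes) -> list:
    """Walk the TLS records in one direction of a stream; return plaintext alerts."""
    alerts, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:
            break  # truncated capture: stop instead of misreading bytes
        # A plaintext alert body is exactly 2 bytes (level, description).
        # Alerts sent after ChangeCipherSpec are encrypted and longer, so skipped.
        if ctype == CONTENT_TYPE_ALERT and length == 2:
            level, desc = body
            alerts.append({
                "version": VERSIONS.get((major, minor), f"unknown({major},{minor})"),
                "level": ALERT_LEVELS.get(level, f"unknown({level})"),
                "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
            })
        offset += 5 + length
    return alerts


def describe(alert: dict) -> str:
    return (f"{alert['version']} Alert (Level: {alert['level']}, "
            f"Description: {alert['description']})")


if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_CLIENT_STREAM):
        print(describe(a))
```

RFC 5246 defines `certificate_unknown` as an unspecified issue in processing the certificate that rendered it unacceptable, so in the PC-to-server direction it records the client rejecting the certificate it was presented.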
