A10 Thunder, SSL inspection and bypass troubles
manilaboy1vic
Member ✭
Hi,
I am posting regarding some troubles I am seeing on my network.
We do have an A10 Thunder doing SSL decryption and re-encryption.
Here is a description of a problem I am investigating:
I'm trying to install software on my PC, which fails.
I also have a laptop which bypasses the A10 completely and the software install passes.
I performed a Wireshark capture on both laptops to compare. I suggested whitelisting some domains and the issue still fails when going through the A10. I have worked with the software developer as well; they advised to whitelist two particular domains, which we have done. The PC going through the A10 still fails.
Can you advise of any next steps or troubleshooting advice?
The main issue I'm seeing is:
TLSv1 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
This Alert is from a frame where the source IP is my PC and the dest IP is this application server.
Also, the 'certificate' frame on the capture, with the SRC being the application server, shows the CA which is used with the A10. If I am whitelisting the application server domain, how is there traffic still being decrypted?
Basically the capture looks like:
src: PC dst: app server = syn
src: app server dst: PC = syn, ack
src: PC dst: app server = ack
src: PC dst: app server = Client hello
src: app server dst: PC = server hello
src: app server dst: PC = psh, ack
src: app server dst: PC = Certificate
src: app server dst: PC = Server Key Exchange, hello done
src: PC dst: app server = ack
src: PC dst: app server = (Level: Fatal, Description: Certificate Unknown)
Any help would be greatly appreciated.
Thanks,
jv
0
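Added example, not part of the original post: a minimal TLS record decoder run over constructed bytes that mirror the handshake listed above, showing that a fatal certificate_unknown alert (description 46) sent by the client before encryption starts means the client itself rejected the certificate chain it was presented. The function names and sample bytes are assumptions made for illustration, and each handshake message is assumed to fit inside one record.

```python
# Subsets of the TLS registries (RFC 5246) that appear in the posted capture.
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done"}
CERT_ALERTS = {42: "bad_certificate", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

def records(stream):
    """Yield (content_type, payload) for each TLS record in one direction's bytes."""
    off = 0
    while off < len(stream):
        ctype, length = stream[off], int.from_bytes(stream[off + 3:off + 5], "big")
        payload = stream[off + 5:off + 5 + length]
        if len(stream) - off < 5 or len(payload) != length:
            raise ValueError("truncated TLS record")
        yield ctype, payload
        off += 5 + length

def summarize(sender, stream):
    """List the handshake messages and plaintext alerts sent by `sender`."""
    events = []
    for ctype, payload in records(stream):
        pos = 0
        while ctype == 22 and pos + 4 <= len(payload):    # handshake record
            events.append((sender, HANDSHAKE.get(payload[pos], f"type_{payload[pos]}")))
            pos += 4 + int.from_bytes(payload[pos + 1:pos + 4], "big")
        if ctype == 21 and len(payload) == 2:              # unencrypted alert
            level = {1: "warning", 2: "fatal"}.get(payload[0], "unknown")
            events.append((sender, f"alert:{level}:{CERT_ALERTS.get(payload[1], payload[1])}"))
    return events

def client_rejected_certificate(events):
    """True when the client sent a fatal certificate-related alert."""
    names = {f"alert:fatal:{name}" for name in CERT_ALERTS.values()}
    return any(who == "client" and what in names for who, what in events)

# Constructed sample bytes (not taken from the post's capture); bodies are filler.
def _hs(mtype, body=b"\x00" * 4):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _rec(ctype, payload):
    return bytes([ctype, 3, 1]) + len(payload).to_bytes(2, "big") + payload  # 3,1 = TLSv1

CLIENT = _rec(22, _hs(1)) + _rec(21, bytes([2, 46]))
SERVER = _rec(22, _hs(2)) + _rec(22, _hs(11) + _hs(12) + _hs(14))

if __name__ == "__main__":
    events = summarize("server", SERVER) + summarize("client", CLIENT)
    print(*events, sep="\n")
    print("client rejected certificate:", client_rejected_certificate(events))
```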