Hi All:
I'm using 81E and did some https traffic, and saw re-signed ca from captured packets. And I wanna know which command can find the ssl inspection statistics. I got one, but I'm not sure what stand for "C" and "T". Is "C" for current? what's for "T"?:
FGT81ETK19002696 # diag ips ssl sta ------------------ SSL configuration -------------------- Bypass: false Session resumption: true -------------------- SSL statistics --------------------- SSL transactions: C/T/E/S SSL v3: 0/0/0/0 TLS 1.0: 0/0/0/0 TLS 1.1: 0/0/0/0 TLS 1.2: 3312629/3335323/0/0
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
C - completed transactions, e.g., ssl server replied end of session
T - number of transactions, e.g., ssl hello message started
E - exempted transactions from ssl, e.g., addr, whitelist, ip geography, fqdn
S - PTS (protected the server) mode
C - completed transactions, e.g., ssl server replied end of session
T - number of transactions, e.g., ssl hello message started
E - exempted transactions from ssl, e.g., addr, whitelist, ip geography, fqdn
S - PTS (protected the server) mode
Thanks for your reply. PS: do you know where to find the dpissl connection counter? For examples, https access to https://www.google.com from lan to wan and it's supposed there's one dpissl connection. Where can I find the counter?
Thanks
Can try 'diag ips ssl status':
Packet Modes:
Dry run: 0 --> ssl inspection mode is read-only Inline: 0 --> ssl inspection mode is active, read/write traffic Dynamic to dry: 0 --> switch to read only mode Dynamic to inline: 0 --> switch to read/write mode Inline offload: 0 --> ssl inspection detached from inspection
The above stats is for flow-based utm mode which is done by ipsengine daemon. For proxy-based utm mode, check 'diag wad stats' output, which is done by wad daemon. By default, utm profiles are flow-based in latest firmware.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.