SSL 解密破坏文件下载

SSL 解密破坏文件下载

8582
Created On 06/01/21 20:50 PM - Last Modified 03/03/23 01:57 AM


Symptom


SSL 解密破坏文件下载PAN-OS10.0。

Environment


  • PAN-OS 10.0.5 及以下。
  • SSL 已启用转发代理解密。

Cause



如果 L2 标头在目标地址中有广播地址,则会发现数据包被拒绝的问题。 可以在数据包诊断日志中找到以下日志消息:
== 2021-03-11 11:35:42.653 -0600 ==
Packet decoded dump:
L2: ff:ff:ff:ff:ff:ff->ff:ff:ff:ff:ff:ff, type 0x0800 <<<<<<<<
IP: 1.1.1.1 > 2.2.2.2 , protocol 6
TCP: sport 443, dport 54961, seq 2417310679, ack 191684466,
Forwarding lookup, ingress interface 64
L3 mode, router 2
L2 broadcast cannot be forwarded in L3 mode normally <<<<<<<<
. . .

 

Resolution


  • 此问题已在PAN-OS10.0.6。
  • PAN-162663:修复了间歇性问题firewall数据包在解密中丢失的地方SSL/TLS会议。
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VWiCAM&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language