Unable to decrypt SSL web access by NGAF

Nguyen Quoc Bin Lv1 Posted 16 Aug 2023 11:27

I tried to configure SSL website decryption (NGAF Firewall 5100, license available, firewall software version 8.0.47), but it is not working. See the attached screenshots for more information.
Please help me, I don't know what is wrong.

1. Config Decryption.png (41.27 KB, Downloads: 428)

2. error decrytion.png (128.23 KB, Downloads: 421)

Newbie517762 has solved this question and earned 10 coins.

Faisal P Posted 16 Aug 2023 11:52
  
Hi,

Please read the following carefully when you come across any problem handling the device, and take any of the measures below:
1. Deploy and configure the SANGFOR SSL VPN device as instructed in this quick configuration guide. The user manual and other related electronic materials can be downloaded from the SANGFOR forum or official website.
2. Contact your hardware supplier (contractor) for technical support. To provide customers with fast and satisfying after-sale services, SANGFOR has assigned professional and qualified technicians to all distributors. Onsite and remote support will be provided for some special cases.
3. Go to the SANGFOR forum to search for a solution if you do not need an urgent response.
4. Contact SANGFOR Customer Service. Describe the issue in detail and notify the SANGFOR Customer Service Representative of your location and device supplier. He/she will provide you with the solution and let you know where you can contact and obtain technical support efficiently.
5. Please contact us through the following:
Forum: http://forums.sangfor.com/index.php
Website: www.sangfor.com.cn
Tel: 4006306430 (dial via telephone or mobile phone)
Email: support@sangfor.com.cn
Link: https://www.sangfor.com/download/product/helpdoc/SSLM53EN.pdf

Thanks
Newbie517762 Lv5 Posted 16 Aug 2023 12:52
  
HiHi,

Attached is the file with the decryption steps for configuring the internal server.
Use it as a reference.
Decryption data to internal Server.pdf (412.45 KB, Downloads: 471)
Jami Ullah Lv2 Posted 16 Aug 2023 21:24
  
1. Configure SSL CA certificate.
2. Use the same certificate in your NGAF security rule. If you have selected Full SSL inspection, it will decrypt all the traffic, inspect it against any type of malware, encrypt it and will send that traffic to its destination.

I hope this will work for you.  
Imran Tahir Lv4 Posted 21 Aug 2023 13:40
  
Configure SSL certificates and call these certificates in your NGAF security roles.
Farina Ahmed Lv5 Posted 21 Aug 2023 13:56
  
One possible solution to this issue is to make sure that you have properly configured the SSL CA certificate and that you are using the same certificate in your NGAF security rule.

Checklist for troubleshooting SSL decryption issues on your NGAF Firewall 5100 with software version 8.0.47:

Check Logs: Examine firewall logs for SSL decryption error messages.

Certificates: Ensure valid SSL decryption certificates are installed.

Certificate Trust: Import and trust certificates on client devices.

SSL Policy: Verify SSL inspection policy settings and rules.

Cipher Suites: Confirm compatibility between firewall and server cipher suites.

Interception Bypass: Some sites prevent SSL interception (HPKP, HSTS).

Performance: Ensure firewall hardware handles decryption load.

Firmware Updates: Apply available updates or patches.

DNS Resolution: Check DNS settings for accurate domain resolution.

Troubleshooting Tools: Use built-in firewall tools for insights.

Support: Engage vendor support for specific guidance.
noime Lv3 Posted 21 Aug 2023 16:45
  
If you've followed these steps and are still facing issues, it's recommended to reach out to Sangfor support. They can provide specific guidance based on your configuration and assist with troubleshooting.
NeTSec Lv3 Posted 21 Aug 2023 16:46
  
If you've followed these steps and are still facing issues, it's recommended to reach out to Sangfor support. They can provide specific guidance based on your configuration and assist with troubleshooting.
Noah19 Lv3 Posted 21 Aug 2023 16:46
  
Some websites use certificate pinning or other security mechanisms to prevent interception. These sites might not work with SSL decryption. Sangfor may have a bypass mechanism for such cases, so check the documentation.
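An added example, not part of any post above and not Sangfor code: a client-side probe, run from a machine behind the firewall, that separates the "Certificate Trust" and "Interception Bypass" cases from the checklist by looking at who issued the certificate the client actually receives. The CA name `Example-Decryption-CA`, the function names and the sample certificate dicts are all constructed for illustration.

```python
import socket
import ssl

def issuer_cn(peercert):
    """Return the issuer common name from an ssl.getpeercert() dict."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def classify(peercert, verify_error, firewall_ca_cn):
    """Map one handshake outcome to the checklist item it points at."""
    if verify_error is not None:
        # The chain did not validate against the trust store in use.
        return "untrusted: chain rejected by this client (%s)" % verify_error
    if issuer_cn(peercert) == firewall_ca_cn:
        # The leaf was re-signed by the firewall's decryption CA.
        return "decrypted: certificate re-signed by the firewall CA"
    # The server's original issuer reached the client unchanged.
    return "not decrypted: original issuer seen (no policy match or bypass)"

def probe(host, firewall_ca_cn, port=443, cafile=None, timeout=5):
    """Handshake with host and classify what the client received."""
    # With cafile set, only that CA is trusted; pass the exported
    # decryption CA here to test trust of the firewall CA in isolation.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), None, firewall_ca_cn)
    except ssl.SSLCertVerificationError as exc:
        return classify({}, exc.verify_message, firewall_ca_cn)

# Constructed sample data in the shape getpeercert() returns.
FW_CA = "Example-Decryption-CA"  # hypothetical decryption CA name
RESIGNED = {"issuer": ((("organizationName", "Example Org"),),
                       (("commonName", FW_CA),))}
ORIGINAL = {"issuer": ((("commonName", "Public Web CA"),),)}

if __name__ == "__main__":
    print(classify(RESIGNED, None, FW_CA))
    print(classify(ORIGINAL, None, FW_CA))
    print(classify({}, "unable to get local issuer certificate", FW_CA))
```

An "untrusted" result with the default trust store that turns into "decrypted" when `cafile` points at the exported decryption CA means the firewall is decrypting but the CA has not been imported on the client.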
