Certain sites' page cannot be displayed in an Active Inline deployment mode

book

Article ID: 168790

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

Certain websites page (or a section of it) cannot be displayed in an Active Inline deployment mode. SSL Session Log shows "Packet feedback timeout".

Access to these sites are known to be working fine without the SSL Visibility (SSLV) appliance in place. If the affected site cannot be accessed even without the SSLV or not deployed in Active Inline mode, this article is not applicable.

Cause

In an Active Inline deployment mode, if the amount of time it takes for a decrypted packet to pass through the Attached-Appliance device and return to the SSLV exceeds 1 second, it could cause SSL flows to time out. This causes a general "Page cannot be displayed" error on the web browser.

Resolution

SV 3.8.4 introduced a new "Feedback Timeout" setting which determines how long the SSL Visibility Appliance waits for a response before canceling a request and interrupting the SSL flow.

Changing the Feedback Timeout from Default to Extended under Policies > Segments > Appliance Feedback Options > Feedback Timeout will increase the timeout from 1 second to 5 seconds. It allows up to 5 seconds for a packet to get through the Attached-Appliance and return to the SSLV before failing with a Packet feedback timeout error.

The Default timeout is 1 second. The Extended timeout is 5 seconds.