Certain sites' page cannot be displayed in an Active Inline deployment mode
book
Article ID: 168790
calendar_today
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
Certain websites page (or a section of it) cannot be displayed in an Active Inline deployment mode. SSL Session Log shows "Packet feedback timeout".
Access to these sites are known to be working fine without the SSL Visibility (SSLV) appliance in place. If the affected site cannot be accessed even without the SSLV or not deployed in Active Inline mode, this article is not applicable.
Cause
In an Active Inline deployment mode, if the amount of time it takes for a decrypted packet to pass through the Attached-Appliance device and return to the SSLV exceeds 1 second, it could cause SSL flows to time out. This causes a general "Page cannot be displayed" error on the web browser.
Resolution
SV 3.8.4 introduced a new "Feedback Timeout" setting which determines how long the SSL Visibility Appliance waits for a response before canceling a request and interrupting the SSL flow.
Changing the Feedback Timeout from Default to Extended under Policies > Segments > Appliance Feedback Options > Feedback Timeout will increase the timeout from 1 second to 5 seconds. It allows up to 5 seconds for a packet to get through the Attached-Appliance and return to the SSLV before failing with a Packet feedback timeout error.
The Default timeout is 1 second. The Extended timeout is 5 seconds.