SSLVA logs "rule:0 resign Success" in the SSL Session Logs although the Catch All Action is set to Cut Through

book

Article ID: 168805

calendar_today

Updated On:

Products

Security Analytics SSL Visibility Appliance Software

Issue/Introduction

The log entry "rule:0 resign Success" appears in the SSL Session Logs although the Catch All Action is Cut-Through.

Resolution

This message means that a cached Decrypt Action is applied to the flow instead of the Policy Action.

This only happens when a cached session Action is changed from Decrypt to Cut-Through. It does not happen if the Action is changed from Encrypt to Reject/Drop, or other actions.

Rule 0 is the Catch All Action rule when no configured policies are matched.