There are packets on the copy port of my SSL Visibility Appliance that seem to be unrelated to packets coming in from my ingress and egress ports.

Article ID: 169132

Products

SSL Visibility Appliance Software

Issue/Introduction

You may notice some unusual packets on the copy port: packets that don't seem to correlate with traffic coming in from the ingress or egress ports of the SSL Visibility Appliance. If you are monitoring traffic on either side of your appliance, you do not see the packets that appear on the copy port.

Cause

The SSL Visibility Appliance sets a 24-hour timeout for each valid TCP flow. Upon the timeout, SSLV sends two FINs and one ACK onto the copy port(s) to close the plaintext connections as part of inline flow eviction. The SSL Visibility Appliance will hold on to a connection until it is flushed from our flow table, either by another, more recent connection or because it reaches its 24-hour timeout.
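
To confirm that unexplained copy-port packets are these eviction teardowns, the following added example (not part of the original article and not a vendor tool) flags flows whose final packets are two FINs and one ACK arriving roughly 24 hours after the flow's previous packet. The record layout, the 1-second burst window, the 60-second slack, and measuring the timeout from the flow's last prior packet are assumptions; the sample records are constructed.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLOW_TIMEOUT = 24 * 3600  # 24-hour flow timeout stated in the article
BURST_WINDOW = 1.0        # assumption: the teardown packets arrive within 1 s

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a flow group together."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def find_eviction_teardowns(packets, timeout=FLOW_TIMEOUT, slack=60):
    """Return flows ending in 2 FINs + 1 ACK after a gap of about `timeout` s.

    packets: iterable of (ts, src, sport, dst, dport, tcp_flags) records.
    """
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, flags in sorted(packets):
        flows[flow_key(src, sport, dst, dport)].append((ts, flags))
    hits = []
    for key, pkts in flows.items():
        # Trailing burst: every packet within BURST_WINDOW of the last one.
        burst = [p for p in pkts if pkts[-1][0] - p[0] <= BURST_WINDOW]
        earlier = pkts[:len(pkts) - len(burst)]
        if not earlier:
            continue  # no prior traffic captured, so the gap is unknown
        fins = sum(1 for _, f in burst if f & FIN)
        acks = sum(1 for _, f in burst if f & ACK and not f & (FIN | SYN | RST))
        gap = burst[0][0] - earlier[-1][0]
        if len(burst) == 3 and fins == 2 and acks == 1 and gap >= timeout - slack:
            hits.append(key)
    return hits

C, S = ("10.0.0.5", 40000), ("192.0.2.10", 443)    # constructed endpoints
C2 = ("10.0.0.6", 40001)
SAMPLE = [  # constructed copy-port records, not real capture data
    (0.0, *C, *S, SYN), (0.1, *S, *C, SYN | ACK), (0.2, *C, *S, ACK),
    (2.0, *C, *S, PSH | ACK),
    (86402.0, *C, *S, FIN | ACK), (86402.001, *S, *C, FIN | ACK),
    (86402.002, *C, *S, ACK),                      # eviction after 24 h idle
    (100.0, *C2, *S, SYN), (100.1, *S, *C2, SYN | ACK), (100.2, *C2, *S, ACK),
    (105.0, *C2, *S, FIN | ACK), (105.1, *S, *C2, FIN | ACK),
    (105.2, *C2, *S, ACK),                         # ordinary close after 5 s
]

if __name__ == "__main__":
    for flow in find_eviction_teardowns(SAMPLE):
        print("eviction teardown:", flow)
```

Flows that match can be treated as expected appliance behavior; a FIN/ACK burst on the copy port without the 24-hour gap still deserves a closer look.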