The purpose of this article is to describe the behavior obtained when a connection is denied different combinations of Protocol Detection and SSL Interception are used. This applies to Explicit environments only.

We will split it into four possible situations and outcomes. In all of them, we will suppose that a request is being blocked via policy:

1. Detect Protocol is enabled and the proxy is performing SSL interception on exception (default setting)
   
   Packet capture: Response to the CONNECT request is 200
   Policy trace: Response to the CONNECT request is 403
   Outcome: Exception page returned to the client as long as the client has the proper certificate installed.
    
2. Detect Protocol is disabled (default setting) and the proxy is performing SSL interception on exception (default setting)
   
   Packet capture and policy trace: Response to the CONNECT request is 403
   Outcome: Browser error, example: "Page cannot be displayed"
    
3. Detect Protocol is enabled and SSL Interception is disabled via policy
   
   Packet capture: Response to the CONNECT request is 200, but after the client sends the Client Hello, proxy replies with a RST-ACK.
   Policy trace: Response to the CONNECT request is 200
   Outcome: Browser error, e.g: "Page cannot be displayed"
    
4. Detect Protocol is enabled and SSL Interception enabled via policy
   
   Packet capture: Response to the CONNECT request is 200. 403 response to the encrypted request (seen as Application Data)
   Policy trace: Response to the CONNECT request is 403.
   Outcome: Exception page returned to the client as long as the client has the proper certificate installed.