We will split it into four possible situations and outcomes. In all of them, we will suppose that a request is being blocked via policy:
- Detect Protocol is enabled and the proxy is performing SSL interception on exception (default setting)
Packet capture: Response to the CONNECT request is 200
Policy trace: Response to the CONNECT request is 403
Outcome: Exception page returned to the client as long as the client has the proper certificate installed.
- Detect Protocol is disabled (default setting) and the proxy is performing SSL interception on exception (default setting)
Packet capture and policy trace: Response to the CONNECT request is 403
Outcome: Browser error, example: "Page cannot be displayed"
- Detect Protocol is enabled and SSL Interception is disabled via policy
Packet capture: Response to the CONNECT request is 200, but after the client sends the Client Hello, proxy replies with a RST-ACK.
Policy trace: Response to the CONNECT request is 200
Outcome: Browser error, e.g: "Page cannot be displayed"
- Detect Protocol is enabled and SSL Interception enabled via policy
Packet capture: Response to the CONNECT request is 200. 403 response to the encrypted request (seen as Application Data)
Policy trace: Response to the CONNECT request is 403.
Outcome: Exception page returned to the client as long as the client has the proper certificate installed.