
[AF] SSL decryption is configured, but there is still no WAF log alarm during the test: the Zones selection is wrong

Problem Description

The SSL Decryption function is configured and the site can be accessed normally, but a log query returns no Web App Firewall log for the HTTPS site.

Process

Unlike HTTP sites, HTTPS sites require the SSL Decryption function to be configured on the firewall;
Querying the Logs shows HTTP log alarms for the server IP, so the problem is provisionally attributed to SSL Decryption;
The source zone of SSL Decryption differs from the source zone of the WAF Policies;
[Figure: WAF Policies Zones selection diagram]

[Figure: SSL Decryption Zones selection diagram]

Root cause

The wrong Zones were selected in the SSL Decryption configuration.

Solution

The SSL Decryption source Zones should also be the Zones where the client initiator is located. Just modify the source Zones;
To simply test whether the WAF policy is triggered, append 'and 1=1 to the test URL;
View the alarm Logs.
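
As an added example (not part of the original article and not Sangfor tooling), the following Python script audits for the mismatch described above: a WAF policy whose source Zones are not covered by any enabled SSL Decryption policy for the same HTTPS server. The policy record layout, zone names and addresses are constructed assumptions, not an export format of the product.

```python
# Added example: find WAF policies for HTTPS servers whose source zones are not
# source zones of an enabled SSL decryption policy covering the same server.
# The record layout below is hypothetical; all values are constructed samples.
from ipaddress import ip_address, ip_network

WAF_POLICIES = [  # constructed sample data
    {"name": "waf-web01", "src_zones": {"WAN"}, "server": "192.0.2.10", "port": 443},
    {"name": "waf-web02", "src_zones": {"WAN", "DMZ"}, "server": "192.0.2.20", "port": 443},
    {"name": "waf-http", "src_zones": {"WAN"}, "server": "192.0.2.30", "port": 80},
]
DECRYPT_POLICIES = [  # constructed sample data
    {"name": "dec-web01", "enabled": True, "src_zones": {"LAN"}, "servers": "192.0.2.10/32"},
    {"name": "dec-web02a", "enabled": True, "src_zones": {"WAN"}, "servers": "192.0.2.16/28"},
    {"name": "dec-web02b", "enabled": False, "src_zones": {"DMZ"}, "servers": "192.0.2.20/32"},
]

def decrypted_zones(server, decrypt_policies):
    """Union of source zones of enabled decryption policies that cover the server."""
    zones = set()
    for pol in decrypt_policies:
        if pol["enabled"] and ip_address(server) in ip_network(pol["servers"]):
            zones |= pol["src_zones"]
    return zones

def find_zone_gaps(waf_policies, decrypt_policies, tls_ports=(443,)):
    """Return {WAF policy name: sorted source zones whose HTTPS traffic stays encrypted}."""
    gaps = {}
    for waf in waf_policies:
        if waf["port"] not in tls_ports:
            continue  # plain HTTP is inspected without decryption
        missing = waf["src_zones"] - decrypted_zones(waf["server"], decrypt_policies)
        if missing:
            gaps[waf["name"]] = sorted(missing)
    return gaps

if __name__ == "__main__":
    for name, zones in find_zone_gaps(WAF_POLICIES, DECRYPT_POLICIES).items():
        print(f"{name}: no SSL decryption for source zone(s) {', '.join(zones)}")
```

Any policy reported here would show the symptom in this case: the site loads normally over HTTPS, but the WAF never sees the decrypted request and logs no alarm.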


Original Link

https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=729&isOpen=true