ProxySG & Advanced Secure Gateway

Hi, 

I've collected Policy trace logs and want to know to understand the SSL Intercept and SSL Bypass for the same URL. 

Ex: krisp.ai application Policy trace logs collected for both SSL intercept and SSL Bypass. 

Thankyou in Advance. 

Hi,
when you add this to a CPL-Layer: 

<proxy>
url.domain="nasa.gov"   trace.request(yes) trace.destination("Trace-log123")

<ssl>
url.domain="nasa.gov"   trace.request(yes) trace.destination("Trace-log123")

and!!!
SSL-Interception is active:

You will find: 
1. tcp://nasa.gov - this is the TCP-Handshake between Proxy and Webserver
2. ssl://nasa.gov - this is the SSL-Handshake, where Proxy and Webserver negotiate the Chipers, tls-version and certificate(s).
3. GET https://nasa.gov/path/index.html - This is the Download of Files/html etc. from the Webserver.

When SSL-Interception is switched off: you will only see the TCP and the SSL
When SSL-Detection is switched off: you should only see the TCP

Or: 
When the default rule on your Proxy is set to deny - you would need to allow bypassed-traffic in the VPM/CPL - you could add an Trace-Log (trace.request(yes) trace.destination("bypass-log") to this rule, that allows the bypass-traffic. (Ok this will also work with default on allow).
And in the other case: add an trace-log to the ssl-interception rule: (trace.request(yes) trace.destination("SSL-Intercepted")

First of all, in the access logs, if you only see CONNECT request and SSL, no https - this means there was no interception.

The different protocols (TCP, SSL and HTTPS) that appear in Reporter reports

Secondly, you can enable trace in SSL Interception or SSL Access layer, and it will show you the SSL policy avaluation.

One last thing, if you only see CONNECT requests, this means the application probably doesn't trust the Certificate or something else in the TLS\SSL and just keeps trying to connect again after dropping the connection each time.