Anyone know whether SA interprets decrypted HTTPS the same way as plain-text HTTP ? We've got problem with extractions from decrypted HTTPS sessions. SA show particular requests but mostly their responses have a 0 byte size, and we are unable to got any artifacts from that session. Things got a little bit better when we enable Assemble partial content in system settings but still responses are truncated and SA seems to be unable to reassamble that.
We're running 8.1 SA. Tried it with two sources of decrypted SSL: ProxySG with Encrypted TAP and Checkpoint NGFW. In both cases it was the same.