Showing Connection Failures

SonicOS keeps a list of recent DPI-SSL client-related connection failures. This is a powerful feature that:

• Lists DPI-SSL failed connections.
• Allows you to audit the failed connections.
• Provide a mechanism to automatically exclude some failing domains.

The dialog displays the run-time connection failures. The connection failures could be any of the following reasons:

• Failure to handshake with the Client
• Failure to handshake with the Server
• Failed to validate the domain name in the Client Hello
• Failure to authenticate the server (the server certificate issuer is not trusted)

The failure list is only available at run-time. The number logged for each failure is limited to ensure a single failure type does not overrun the entire buffer.

To use the connection failure list

1. Click Show Connection Failures. The Connection Failure List dialog displays.

   

   Each entry in this lists displays the:

   • Client Address
   • Server Address
   • Common Name – The common name of the failed connection’s domain. You can edit this entry inline before adding it to the automatic exclusion list.
   • Error Message – Provides contextual information associated with the connection that enables you to make appropriate choices about excluding this connection.

2. To add an entry to the exclusion list:

   1. Select the entry.

   2. Make any edits to the entry.

   3. Click Exclude.

3. To delete an entry:

   1. Select it.

   2. Click Clear.

4. To delete all entries, click Clear All.
5. When you have finished, click Close.