You may notice some unusual packets on the copy port. Packets that don't seem to correlate with traffic coming in from the ingress or egress ports of the SSL Visibility Appliance. If you are monitoring traffic on either side your your appliance you don't not see these packets that are seen on the copy port.
The SSL Visibility Appliance sets a 24-hour timeout for each valid TCP flow. Upon the timeout, SSLV sends 2 FINs + one ACK onto the copy port(s) to close the plain text connections as part of inline flow eviction. The SSL Visibility Appliance will hold on to a connection until it is flushed from our flow table either by another, more recent connection or it reaches it's 24 hour time out.
Imported Document ID: 000032010
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.