Secure Connection Failed
The connection to website.domain.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
In the above example, the customer has TLS inspection disabled, yet they are unable to establish a secure connection to the HTTPS/TLS-based web server. Although this could also occur when TLS inspection is enabled, this specific issue is not related to TLS inspection.
Under "normal" circumstances, customers are used to traffic from their office being sent from a single egress point (firewall). Because of this, traffic always has the same source IP address. SD-WAN, on the other hand, provides benefits that include increased network performance and reduced latency while using multiple points of egress (among other things).
In the above example, the TLS handshake is failing because the egress/source IP is changing.
Create a Network Rule to route the specific traffic out through a single IP address.
1. Go to Networking - Network Rules
2. Add a new Internet Rule
3. Update the description/name of the rule.
4. Click "Add" under "what". Add the destination traffic you would like the rule to apply to, e.g. add the domain under "TLD" to force all traffic to "domain.com" via the rule.
5. Click "Add" under "from". Add the source traffic you would like the rule to be applied to.
6. Click "Routing" at the bottom of the rule.
7. Select "NAT" under Route/NAT.
8. Click Add and select a single Allocated IP address to route the traffic through.
9. Save the rule.
All traffic matching the rule will now be "forced" via that single IP address, which should resolve the TLS handshake issue listed above.
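To find which destinations are seeing a changing egress IP before creating the rule, and to confirm the rule took effect afterwards, the following added example (not part of the original article or of the product's tooling) scans a flow log for client/destination pairs reached from more than one egress IP within a short window. The CSV layout, the five-minute window, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, client IP, destination, egress (NAT) IP.
# The CSV layout is an assumption; map your own flow export onto these columns.
SAMPLE_LOG = """\
2024-05-01T09:00:01,10.0.0.15,website.domain.com,198.51.100.10
2024-05-01T09:00:03,10.0.0.15,website.domain.com,203.0.113.20
2024-05-01T09:00:04,10.0.0.15,website.domain.com,198.51.100.10
2024-05-01T09:00:05,10.0.0.15,static.example.org,198.51.100.10
2024-05-01T09:00:09,10.0.0.15,static.example.org,198.51.100.10
2024-05-01T09:01:00,10.0.0.22,portal.example.net,198.51.100.10
2024-05-01T13:30:00,10.0.0.22,portal.example.net,203.0.113.20
"""


def parse(text):
    """Yield (timestamp, client, destination, egress_ip), skipping lines without four fields."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 4:
            ts, client, dest, egress = (field.strip() for field in row)
            yield datetime.fromisoformat(ts), client, dest.lower(), egress


def flapping_destinations(text, window=timedelta(minutes=5)):
    """Return {(client, destination): [egress IPs]} for every pair that was
    reached from more than one egress IP inside a single time window."""
    by_pair = defaultdict(list)
    for ts, client, dest, egress in sorted(parse(text)):
        by_pair[(client, dest)].append((ts, egress))
    findings = defaultdict(set)
    for pair, events in by_pair.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) > 1:
                findings[pair] |= ips
    return {pair: sorted(ips) for pair, ips in findings.items()}


if __name__ == "__main__":
    for (client, dest), ips in flapping_destinations(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: {len(ips)} egress IPs {ips}")
```

Destinations it reports are candidates for the "what" field of the rule; once the rule is saved, running it over fresh logs should return no entry for them.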