In the connection failures, I see frequently external IPs attempting to connect to our web server in the DMZ and a connection failure is listed under DPI-SSL Client SSL Connection Failures as "server reset connection during handshake". The problem is there is no evidence of this in the syslog at all. The only thing being recorded in the syslog is "Connection Opened", "Packet allowed: matched Access Rule", "NAT Mapping", "DPI-SSL Inspection Cleaned-up" and "Connection Closed" for the IP address. (not necessarily in that order)
This becomes a real problem when we get a complaint from a customer saying they received a browser security error and I am trying to diagnose if it is a problem our our side or his side, but the logging information is incomplete.
NSA2600 HA pair running 18.104.22.168-79n