CATP and DPI-SSL
Rather than add to old threads on CATP figured to start new. It seems the service is going downhill, not sure whether undersized platform doing the sandboxing on SW's end or recent firmware on the firewalls. Seems to have gotten worse on 220.127.116.11-79n and even more so on 18.104.22.168.-83n, but could just be ramped up load on SW's site. Nearly all PDFs get blocked, but may get a partial display before it goes away to an error (despite BUV), then when retry get the scan window, which takes FOREVER and a day. The PDFs are from many different sites. The product is becoming unusable, and customers are increasingly annoyed. Of course since DPI-SSL is such a PITA I've been forced to turn it off at many sites, which reduces the number of issues with CATP because of all the encrypted content it can no longer scan and therefore get hung up on.
DPI-SSL seems to be blocking more and more sites, and I would think that more, not less, sites are now in compliance with certificate requirements. Most of the time there is no mention under Show Connection Failures.
Both of these features have cost me countless unbillable hours.