Troubleshoot TLS Heartbeat

If your managed device has TLS crypto acceleration enabled, you can view connection events to determine whether or not the devices are seeing traffic with the TLS heartbeat extension. You must add at least the SSL Flow Messages event to the table view of connection events.

Before you begin

SSL heartbeat is indicated by the value of HEARTBEAT in the SSL Flow Messages column in the table view of connection events. To determine if applications in your network use SSL heartbeat, first perform the following tasks:

Configure an decryption policy with a setting for Decryption Errors on Undecryptable Actions page.

For more information, see Set Default Handling for Undecryptable Traffic.
Enable logging for your SSL rules as discussed in Secure Firewall Management Center and Threat Defense Management Network Administration.

Procedure

Step 1	Click Analysis > Connection > Events.
Step 2	Click Table View of Connection Events.
Step 3	Click x on any column in the connection events table to add additional columns for at least SSL Flow Flags and SSL Flow Messages. The following example shows adding the SSL Actual Action, SSL Flow Error, SSL Flow Flags, SSL Flow Messages, SSL Policy, and SSL Rule columns to the table of connection events.
Step 4	Click Apply. TLS heartbeat is indicated by the value of `HEARTBEAT` in the SSL Flow Messages column.
Step 5	If applications in your network use SSL heartbeat, see Decryption Rule Guidelines and Limitations.