show services ssl proxy counters

Session create failed

The number of failed proxy sessions

non SSL sessions received

The number of non-SSL sessions received

memory failures

The number of errors related to memory. Example, memory errors such as the device is on “low memory” is indicated by this counter.

session dropped

The number of dropped proxy sessions.

sessions matched

The number of matched proxy sessions.

sessions created

The number of newly created proxy sessions.

sessions destroyed

The number of dropped or destroyed proxy sessions.

sessions ignored

The number of proxy sessions that are ignored.

sessions ignored : backup only

The number of sessions ignored on the backup node in a chassis cluster setup.

In chassis cluster or high-availability mode, the SSL session is processed only on the active node and on the backup node session is ignored. This counter indicates the session ignored on the backup node.

sessions whitelisted : IP based

The number of all sessions that are allowlisted based on IP addresses.

sessions whitelisted : url based

The number of all sessions that are allowlisted based on the URL categories.

crl : data added

The number of times CRL data is added.

crl : certificate revoked

The number of sessions dropped because of checking for revoked certificates from servers.

crl : no crl info present

The number of sessions dropped because no CRL information was present.

crl : no CA certificate

The number of sessions dropped because no CA certificate was present.

SSL sessions

Number of SSL sessions

SMTP over STARTTLS

Number of SMTP over STARTTLS sessions

IMAP over STARTTLS

Number of IMAP over STARTTLS sessions

POP3 over STARTTLS

Number of POP3 over STARTTLS sessions

SMTP sessions

Number of SMTP sessions

IMAP sessions

Number of IMAP sessions

POP3 sessions

Number of POP3 sessions

Server not supporting STARTTLS

Number of times server not supported STARTTLS sessions

Client not supporting STARTTLS

Number of times client not supported STARTTLS sessions

Unified policy : default profile hit

The number of times sessions matched default SSL proxy profile.

Unified policy : no default profile

The number of times sessions are dropped because no default SSL proxy profile available.

proxy sess matched with early dynapp

The number of times sessions matched after receiving the dynamic application details from SNI.

proxy sess ignored with early dynapp

The number of times proxy sessions are disengaged after receiving details from SNI because no SSL proxy profile was configured or the matched pre-identification default policy action was to ignore the session.

proxy sess matched with ssl as dynapp

The number of times sessions are matched because the sessions received unknown application details from SNI or the sessions have not received details from SNI.

proxy sess ignored with ssl as dynapp

The number of times proxy sessions are disengaged either because SSL proxy profile was not configured for the matched policy or the matched pre-identification default policy action was to ignore the session

proxy sess matched with default fw policy

The number of times sessions matched after receiving the dynamic application details from SNI and identified application matched with default security policy.

proxy sess ignored with default fw policy

The number of times sessions disengaged because the identified dynamic application details from SNI has not matched with the default security policy.

proxy sess matched with pre-id fw policy

The number of times sessions matched after receiving the dynamic application details from SNI and the application matched pre-identification default policy.

proxy sess ignored with pre-id fw policy

The number of times sessions disengaged because the identified dynamic application details from SNI has not matched with the pre-identification default security policy.