topic Re: cisco asa firepower - SSL Block Reason in Network Security

cisco asa firepower - SSL Block Reason

muhammadreza — Tue, 12 Mar 2019 13:51:16 GMT

Hi All

Our office deployment of Cisco ASA w/ Firepower blocking some whatsapp application feature (send receive image/video/file, call and video call), only text are working

Connection event log show block reason are SSL Block from internal source to some whatsapp URL/Domain port https and with Do Not decrypt SSL Status.

Our SSL Policy for this traffic are fall into default action which is Do Not Decrypt and our network access policy allow any any from inside to outside.

How to un-block/bypass this traffic ?

thanks before

Reza

Re: cisco asa firepower - SSL Block Reason

rcmcdermott11 — Fri, 27 Jul 2018 17:31:16 GMT

Misread that initially. Can you show the blocking event it is matching?

Re: cisco asa firepower - SSL Block Reason

Raghunath Kulkarni — Mon, 30 Jul 2018 03:39:25 GMT

Hi,

One of the easy way to determine what within the SSL is causing the traffic to be blocked is to navigate to the connection events, click on table view of the events.

By default, there are certain fields shown up, since we want to know what is causing SSL to determine the block, click on one of the fields at the "X" field to disable the field. You will see a drop down of all the fields available. Select all the SSL related fields and save it.

Upon refresh, it would provide details on what within SSL is marking it as to be blocked.