https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3797706#M1011043 <P>Hello everyone,</P> <P>&nbsp;</P> <P>We have ASA5525X with Firepower SFR module where we are implementin SSL decryption with known key for internal servers. Right now we are planning changing our Citrix Netscaler load-balancers with F5 and security department is going implement second SSL decryption for WAF features work. So in this scenario the performance of sll traffic warns me. What i want to know whether it is possible in Firepower configuration to decrypt, inspect and pass without encrypting back as plain text so that F5 won`t do decyrption process again.</P> <P>&nbsp;</P> <P>Thanks in advance!</P> Tue, 12 Mar 2019 14:16:56 GMT orkhan.rustamli.96 2019-03-12T14:16:56Z https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3797706#M1011043 <P>Hello everyone,</P> <P>&nbsp;</P> <P>We have ASA5525X with Firepower SFR module where we are implementin SSL decryption with known key for internal servers. Right now we are planning changing our Citrix Netscaler load-balancers with F5 and security department is going implement second SSL decryption for WAF features work. So in this scenario the performance of sll traffic warns me. What i want to know whether it is possible in Firepower configuration to decrypt, inspect and pass without encrypting back as plain text so that F5 won`t do decyrption process again.</P> <P>&nbsp;</P> <P>Thanks in advance!</P> Tue, 12 Mar 2019 14:16:56 GMT https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3797706#M1011043 orkhan.rustamli.96 2019-03-12T14:16:56Z https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3798244#M1011044 <P>I know what you mean and have use other ADCs (Netscaler) to decrypt and pass on unencrypted. Unfortunately that's not currently an option with firepower (as of the current 6.3 release).</P> <P>&nbsp;</P> <P>Even if you decrypt with a known key, Firepower will reencrypt after evaluating access control rules and passing the traffic on to the destination.</P> Sat, 09 Feb 2019 03:54:49 GMT https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3798244#M1011044 Marvin Rhoads 2019-02-09T03:54:49Z https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3798917#M1011045 <P>Thanks, Marvin, for you repsonse.</P> Mon, 11 Feb 2019 06:19:40 GMT https://community.cisco.com/t5/network-security/firepower-ssl-decrypt-and-pass-without-encrypt/m-p/3798917#M1011045 orkhan.rustamli.96 2019-02-11T06:19:40Z