<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic FTD: SSL Error accessing management page from internal interface. in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/ftd-ssl-error-accessing-management-page-from-internal-interface/m-p/4401571#M1080705</link>
    <description>&lt;P&gt;I just installed a new FTD in Azure (standalone, not managed by FMC), running 6.7.0-65.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So far we have done no config, just set a single static route to access our VNET and enabled management over the inside data interface. Getting an&amp;nbsp;&lt;SPAN&gt;ERR_SSL_VERSION_OR_CIPHER_MISMATCH error accessing over the Inside Interface IP address, but works fine via the Management&amp;nbsp;Interface.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I did a packet inspection with Wireshark and can see that via Management&amp;nbsp;Int TLS 1.2 is negotiated, but over the Inside Interface it tries and fails to negotiate TLS 1.0 (which I assume Cisco has disabled for security reasons). I have no idea why 1.0 is being attempted; I even tried disabling it on my browser, but get the same result.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Again, all other settings on the FTDv are set at default for version 6.7. Taking a guess that maybe some kind of SSL inspection might be causing the issue, but haven't found what I need to disable, or what rule I need to create to allow (assuming that is even the issue).&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Wed, 12 May 2021 01:50:17 GMT</pubDate>
    <dc:creator>sphbecker1</dc:creator>
    <dc:date>2021-05-12T01:50:17Z</dc:date>
    <item>
      <title>FTD: SSL Error accessing management page from internal interface.</title>
      <link>https://community.cisco.com/t5/network-security/ftd-ssl-error-accessing-management-page-from-internal-interface/m-p/4401571#M1080705</link>
      <description>&lt;P&gt;I just installed a new FTD in Azure (standalone, not managed by FMC), running 6.7.0-65.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So far we have done no config, just set a single static route to access our VNET and enabled management over the inside data interface. Getting an&amp;nbsp;&lt;SPAN&gt;ERR_SSL_VERSION_OR_CIPHER_MISMATCH error accessing over the Inside Interface IP address, but works fine via the Management&amp;nbsp;Interface.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I did a packet inspection with Wireshark and can see that via Management&amp;nbsp;Int TLS 1.2 is negotiated, but over the Inside Interface it tries and fails to negotiate TLS 1.0 (which I assume Cisco has disabled for security reasons). I have no idea why 1.0 is being attempted; I even tried disabling it on my browser, but get the same result.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Again, all other settings on the FTDv are set at default for version 6.7. Taking a guess that maybe some kind of SSL inspection might be causing the issue, but haven't found what I need to disable, or what rule I need to create to allow (assuming that is even the issue).&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 12 May 2021 01:50:17 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ftd-ssl-error-accessing-management-page-from-internal-interface/m-p/4401571#M1080705</guid>
      <dc:creator>sphbecker1</dc:creator>
      <dc:date>2021-05-12T01:50:17Z</dc:date>
    </item>
  </channel>
</rss>

