https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459518#M1083318 <P>I am using version on 6.0 on a physical 1600 FMC, we have configured a proxy in order to download updates from FMC and things like this. In house we also have the Smart Software Manager Satellite for licenses.</P><P>From FMC we are able to download updates but we can't reach the Satellite from the FMC after pasting the token generated from Satellite, my worry is that exceptions have to be configured on FMC but it has no options for that, looks like a limitation.</P><P>Does anyone know if exceptions can be configured, if they are needed at all, or any idea?</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>Davide&nbsp;</P> Fri, 03 Sep 2021 15:23:13 GMT DavideRanalli97851 2021-09-03T15:23:13Z https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459518#M1083318 <P>I am using version on 6.0 on a physical 1600 FMC, we have configured a proxy in order to download updates from FMC and things like this. In house we also have the Smart Software Manager Satellite for licenses.</P><P>From FMC we are able to download updates but we can't reach the Satellite from the FMC after pasting the token generated from Satellite, my worry is that exceptions have to be configured on FMC but it has no options for that, looks like a limitation.</P><P>Does anyone know if exceptions can be configured, if they are needed at all, or any idea?</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>Davide&nbsp;</P> Fri, 03 Sep 2021 15:23:13 GMT https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459518#M1083318 DavideRanalli97851 2021-09-03T15:23:13Z https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459781#M1083328 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1173409">@DavideRanalli97851</a>,</P><P>Unfortunatelly, there is no possibility to configure exceptions list, while using proxy on Firepower. There is an enhancement request filed as <A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva74145/?rfs=iqvred" target="_self">CSCva74145</A>, which is still open.</P><P>What stops you of permitting Satelite communication over proxy? If you are using TLS, just create TLS decryption exception (otherwise you would need to think of a way FMC trusts your TLS-decryption certificate). You could also try communicating over plain HTTP.</P><P>BR,</P><P>Milos</P><P>&nbsp;</P> Sat, 04 Sep 2021 05:44:11 GMT https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459781#M1083328 Milos_Jovanovic 2021-09-04T05:44:11Z https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459796#M1083331 Hi,<BR /><BR />No, you can't configure proxy exceptions on FMC. These have to be<BR />configured on proxy to bypass FMC traffic when going to SSM.<BR /><BR />Also, try to move from 6.0. It's very outdated.<BR /><BR />**** please remember to rate useful posts<BR /> Sat, 04 Sep 2021 07:02:06 GMT https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459796#M1083331 Mohammed al Baqari 2021-09-04T07:02:06Z https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459844#M1083334 <P>Hi Milos,</P><P>&nbsp;</P><P>thanks for the ideas, i tried configuring a "Do not decrypt" policy clicking on SSL tab under the Access Control tab, but still not able to reach the Satellite, why would a&nbsp;<SPAN>TLS decryption exception policy need to be configured?</SPAN></P><P><SPAN>Satellite and FMC both refer to the same pki we have in house.</SPAN></P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>Davide</P> Sat, 04 Sep 2021 12:25:24 GMT https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459844#M1083334 DavideRanalli97851 2021-09-04T12:25:24Z https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459909#M1083341 <P>No, not on FMC/FTD. What I meant, you should configure proxy on FMC (like you need to), but then configure exception on proxy - when traffic is coming from FMC, bypass it from TLS decryption on proxy and/or permit it towards Satelite (and Internet, in order to download updates).</P><P>BR,</P><P>Milos</P> Sat, 04 Sep 2021 20:05:03 GMT https://community.cisco.com/t5/network-security/proxy-exceptions-on-fmc-version-6-0/m-p/4459909#M1083341 Milos_Jovanovic 2021-09-04T20:05:03Z