topic Re: Cisco FirePOWER SSL Block in Network Security

Cisco FirePOWER SSL Block

chris.makely — Thu, 22 Aug 2019 20:02:04 GMT

Currently using FirePOWER, experiencing an unexpected SSL Block for some traffic, SSL rule has been created not to decrypt the traffic, URLs that are being accessed are whitelisted, SSL Flow error is Defer Cut Post CCs (0x0000197), SSL version TLSV1.2, The SSL flow flags show the handshake to be complete but yet FirePOWER is still blocking the traffic, I have an access policy for the internal source to allow all traffic from any network, any insight would be greatly appreciated. The service attempting to access my internal VMS is WISENet WAVESync

Re: Cisco FirePOWER SSL Block

Marvin Rhoads — Fri, 23 Aug 2019 18:07:23 GMT

Have you tried a packet capture with trace while filtering on the interesting traffic?

Re: Cisco FirePOWER SSL Block

chris.makely — Mon, 26 Aug 2019 15:33:46 GMT

Marvin,

I have not yet, that was my next step, i'll post with that data soon, thank you for the insight

Re: Cisco FirePOWER SSL Block

Isaac Smith — Mon, 26 Sep 2022 13:41:19 GMT

Probably a long shot but I am also seeing this. We enabled a monitor only rule to check for TLS versions and then a default rule of do not decrypt but still see a SSL block with that same SSL error which I find odd DEFER_CUT_POST_CCS

Re: Cisco FirePOWER SSL Block

tato386 — Wed, 09 Nov 2022 18:53:43 GMT

same exact error here. firepower ignores the "do not decrypt" SSL rule and gets blocked by default SSL rule. undecryptable actions are both block so no help there.