https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946545#M148102 <P>Thanks for clearing my doubts.&nbsp;<BR /><BR />Is there any document for details description of HTTPS inspecting about Cisco firepower?</P> <P>&nbsp;</P> Mon, 02 Jan 2017 12:06:31 GMT contactvatsalshah 2017-01-02T12:06:31Z https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946543#M148100 <P>Hello,</P> <P>Very eager to know about how HTTPS works on CISCO ASA with firepower subscription?</P> <P>can anyone please tell me how cisco asa scan HTTPS packets and block web categories applied by admin? Does it use certificate or something else?<BR /><BR /><BR /></P> Tue, 12 Mar 2019 08:43:28 GMT https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946543#M148100 contactvatsalshah 2019-03-12T08:43:28Z https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946544#M148101 <P>FirePower gets a certificate that has to be trusted by your clients or come from an internal trusted CA.</P> <P>When the client connects to a HTTPS-ressource (can also be other services that work with TLS), then FP issues a new certificate on the fly with the subject of the destination server. With that it&nbsp;makes itself a Man-in-the-middle and can inspect the data.</P> <P>In general, it's the same as probably all HTTP-inspecting gateways work.</P> Mon, 02 Jan 2017 11:07:11 GMT https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946544#M148101 Karsten Iwen 2017-01-02T11:07:11Z https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946545#M148102 <P>Thanks for clearing my doubts.&nbsp;<BR /><BR />Is there any document for details description of HTTPS inspecting about Cisco firepower?</P> <P>&nbsp;</P> Mon, 02 Jan 2017 12:06:31 GMT https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946545#M148102 contactvatsalshah 2017-01-02T12:06:31Z https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946546#M148104 <P>The config guide shows it in much detail:</P> <P><A href="http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/understanding_traffic_decryption.html">http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/understanding_traffic_decryption.html</A></P> Mon, 02 Jan 2017 12:54:16 GMT https://community.cisco.com/t5/network-security/how-https-scanning-works-in-cisco-asa/m-p/2946546#M148104 Karsten Iwen 2017-01-02T12:54:16Z