https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684662#M193697 <P>Hi,</P><P>Thank you for answer.</P><P>But, then I’ll still have usual issues when there is no SSL interception like:</P><UL><LI>Block all destination that doesn’t have valid cert.</LI><LI>Cannot see inside HTTPS traffic for let say DLP or malware scanning</LI><LI>Cannot see inside HTTPS traffic for HTTP methods, you can only see HTTPS CONNECT method.</LI><LI>Block SSL, user cannot see error page because there is no SSL interception. &nbsp;</LI></UL><P>So, for that we need SSL Appliance?</P> Fri, 17 Jul 2015 15:35:12 GMT Juraj Ban 2015-07-17T15:35:12Z https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684660#M193695 <P>Can ASA with FirePower services inspect SSL traffic or we need SSL inspection appliance.</P><P>How can ASA force Application Control for SSL. Let say, allow only reading of Social Networking while bloking upload/post if not be able to see inside SSL?</P> Tue, 12 Mar 2019 06:17:00 GMT https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684660#M193695 Juraj Ban 2019-03-12T06:17:00Z https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684661#M193696 <P>ASA cannot block HTTPS</P><P>Firepower has an option of URL blocking that treats http and https as equal</P><P>You can go through it for more info:</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-App-URL-Reputation.html#pgfId-1537119</P><P>&nbsp;</P><P>Regards,</P><P>Puneesh</P><P><EM><STRONG><SPAN style="font-size:10px;">Please rate the helpful posts</SPAN></STRONG></EM></P> Fri, 17 Jul 2015 15:10:16 GMT https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684661#M193696 Puneesh Chhabra 2015-07-17T15:10:16Z https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684662#M193697 <P>Hi,</P><P>Thank you for answer.</P><P>But, then I’ll still have usual issues when there is no SSL interception like:</P><UL><LI>Block all destination that doesn’t have valid cert.</LI><LI>Cannot see inside HTTPS traffic for let say DLP or malware scanning</LI><LI>Cannot see inside HTTPS traffic for HTTP methods, you can only see HTTPS CONNECT method.</LI><LI>Block SSL, user cannot see error page because there is no SSL interception. &nbsp;</LI></UL><P>So, for that we need SSL Appliance?</P> Fri, 17 Jul 2015 15:35:12 GMT https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684662#M193697 Juraj Ban 2015-07-17T15:35:12Z https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684663#M193699 <P>Yes, you'd require web application firewalls for all those.</P><P>&nbsp;</P><P>Regards,</P><P>Puneesh</P><P><EM style="font-size: 14.3999996185303px; background-color: rgb(249, 249, 249);"><STRONG><SPAN style="font-size: 10px;">Please rate the helpful posts</SPAN></STRONG></EM></P> Sat, 18 Jul 2015 01:57:37 GMT https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684663#M193699 Puneesh Chhabra 2015-07-18T01:57:37Z https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684664#M193701 <P>Hi,</P><P>Adding on to what puneesh said , we can use DNS REGEX on the ASA device is the DNS queries are going through the ASA device and then block the HTTPS websites as well if only blocking is required and not looking in the SSL header is the required.</P><P>Thanks and Regards,</P><P>Vibhor Amrodia<BR />&nbsp;</P> Sat, 18 Jul 2015 05:23:46 GMT https://community.cisco.com/t5/network-security/web-ssl-inspection/m-p/2684664#M193701 Vibhor Amrodia 2015-07-18T05:23:46Z