https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3885712#M30322 <P>Hmm SSL decryption definitely takes place prior to File analysis in the order of operations.&nbsp;&nbsp;</P> <P>Can you share a screenshot of your relevant ACP rule and associated file and SSL policies?</P> <P>I wonder if you are hitting a bug. What Firepower version are you running by the way?</P> <P>You may want to open a TAC case on this as it seems you have the right elements in place to make it work.</P> Sun, 07 Jul 2019 03:40:21 GMT Marvin Rhoads 2019-07-07T03:40:21Z https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3884483#M30267 <P>Hi,</P><P>I have AMP for network on Firepower 2130, have configured file policy etc and have been using this site to test</P><P><A href="https://www.eicar.org/?page_id=3950" target="_blank">https://www.eicar.org/?page_id=3950</A>.</P><P>&nbsp;</P><P>Http request are blocked by AMP, however https are not, we then configured ssl decryption, import certificate etc however it still doesnt work.</P><P>&nbsp;</P><P>Any help or guide would be much appreciated.</P><P>&nbsp;</P><P>Thanks</P> Thu, 04 Jul 2019 05:02:10 GMT https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3884483#M30267 ashleybabajee 2019-07-04T05:02:10Z https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3884836#M30287 <P>Have you confirmed your SSL decryption policy is working for the target page?</P> <P>That said, decrypting SSL/TLS en masse to protect against malware is generally a dead end exercise. It's much more effective to protect on the endpoints using something like Cisco AMP for Endpoints.</P> Thu, 04 Jul 2019 14:42:06 GMT https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3884836#M30287 Marvin Rhoads 2019-07-04T14:42:06Z https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3885056#M30306 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;</P><P>&nbsp;</P><P>Yes, decryption works, i do get the page loaded with the certificate ,when i do http download it block the files, however for https it doesnt.</P><P>&nbsp;</P><P>We already got AMP for network, so i guess we have to make it work and maybe later migrate to Endpoint ones.</P> Fri, 05 Jul 2019 04:27:49 GMT https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3885056#M30306 ashleybabajee 2019-07-05T04:27:49Z https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3885712#M30322 <P>Hmm SSL decryption definitely takes place prior to File analysis in the order of operations.&nbsp;&nbsp;</P> <P>Can you share a screenshot of your relevant ACP rule and associated file and SSL policies?</P> <P>I wonder if you are hitting a bug. What Firepower version are you running by the way?</P> <P>You may want to open a TAC case on this as it seems you have the right elements in place to make it work.</P> Sun, 07 Jul 2019 03:40:21 GMT https://community.cisco.com/t5/network-security/amp-ssl-decryption/m-p/3885712#M30322 Marvin Rhoads 2019-07-07T03:40:21Z