https://community.cisco.com/t5/network-security/ssl-decrypting-only-search-engine-bound-traffic/m-p/2933914#M43555 <P>Yes. It is generally recommended that an SSL decryption policy be restricted to the sites you really need to decrypt for just the reason you encountered.</P> <P>We would do this in your example by using an application rule in the SSL Policy.</P> <P>Config Guide Reference:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/Decryption_Tuning_Using_SSL_Rules.html#ID-2255-00000027</P> <P>Screenshot of example (open in new tab to zoom):</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/ssl_decrypt_rule.jpg" class="migrated-markup-image" /></P> Mon, 26 Sep 2016 20:21:30 GMT Marvin Rhoads 2016-09-26T20:21:30Z https://community.cisco.com/t5/network-security/ssl-decrypting-only-search-engine-bound-traffic/m-p/2933913#M43552 <P>In the new release of FirePower 6.1 you can enable SafeSearch to restrict results of searches. &nbsp;The only problem is that you have to use SSL,</P> <P><A href="http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#pgfId-726143" target="_blank">6.1 release notes</A></P> <BLOCKQUOTE> <P><SPAN>It should be noted that SSL decryption policies must be configured for both of these features to work, especially because most search engines are now using SSL encryption.</SPAN></P> </BLOCKQUOTE> <P><SPAN>We recently had SSL decryption turned on and it was crashing the FirePower modules. &nbsp;We were told by TAC that the 5545 with the modules couldn't handle the amount of SSL decryption we were doing. &nbsp;So in the end we really didn't see a need to keep doing SSL decryption because of the performance lost. &nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>"SafeSearch" is one feature as an education&nbsp;institution&nbsp;that we need to have turned on. &nbsp;Is their a way to just send search engine bound traffic through SSL policy for decryption and "do not decrypt" all other traffic?</SPAN></P> <P><SPAN></SPAN></P> Sun, 10 Mar 2019 13:41:26 GMT https://community.cisco.com/t5/network-security/ssl-decrypting-only-search-engine-bound-traffic/m-p/2933913#M43552 tsiemers1 2019-03-10T13:41:26Z https://community.cisco.com/t5/network-security/ssl-decrypting-only-search-engine-bound-traffic/m-p/2933914#M43555 <P>Yes. It is generally recommended that an SSL decryption policy be restricted to the sites you really need to decrypt for just the reason you encountered.</P> <P>We would do this in your example by using an application rule in the SSL Policy.</P> <P>Config Guide Reference:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/Decryption_Tuning_Using_SSL_Rules.html#ID-2255-00000027</P> <P>Screenshot of example (open in new tab to zoom):</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/ssl_decrypt_rule.jpg" class="migrated-markup-image" /></P> Mon, 26 Sep 2016 20:21:30 GMT https://community.cisco.com/t5/network-security/ssl-decrypting-only-search-engine-bound-traffic/m-p/2933914#M43555 Marvin Rhoads 2016-09-26T20:21:30Z