https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3386275#M926110 <P>Hi,</P> <P>unfortunately I must agree with you regarding online documentation.</P> <P>We are still not able to resolve this issue and still have only HTTP response set.</P> <P>&nbsp;</P> <P>Br,</P> <P>Dragan</P> Mon, 21 May 2018 07:31:17 GMT draganzec 2018-05-21T07:31:17Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3312781#M926103 <P>Hi,</P> <P>we made a URL filtering rule (to block some URL categories) and set HTTP response page. And it is working ok.</P> <P>&nbsp;</P> <P>But in order to show users a response page when they are blocked accessing HTTPS site, SSL decryption needs to be activated (so manual says).</P> <P>&nbsp;</P> <P>We decided not to use SSL decryption due to an impact to traffic speed, but nevertheless we would like HTTPS response page.</P> <P>&nbsp;</P> <P>Is there an option to activate SSl decryption only on URLs that are in our URL filtering block rule?</P> <P>As far as I understand if we block URL with URL filtering, it won't even come to SSL decryption part.</P> <P>&nbsp;</P> <P>Thank you.</P> <P>&nbsp;</P> <P>Br,</P> <P>Dragan</P> Fri, 21 Feb 2020 15:09:26 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3312781#M926103 draganzec 2020-02-21T15:09:26Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3349486#M926105 <P>Hi</P> <P>&nbsp;</P> <P>SSL decryption has to configured to show block page for https sites.</P> <P>SSL decryption would happen first and then the URL filtering rule would be applied. If you are concerned with performance. You can create a rule with specific URL categories (which are supposed to be blocked) in SSL policy to be decrypted and rest all goes to default rule which is to do not decrypt.</P> <P>&nbsp;</P> <P>Thanks</P> <P>yogesh</P> Thu, 15 Mar 2018 19:59:47 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3349486#M926105 yogdhanu 2018-03-15T19:59:47Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3350797#M926107 <P>Hi,</P> <P>thanx for replying.</P> <P>We did create a rule with specific URL categories (which are supposed to be blocked) in SSL policy to be decrypted and applied this SSL policy to main Access Control policy.</P> <P>&nbsp;</P> <P>But decryption was applied to all users on the network and cuts our https traffic, even we put only one IP address of test PC inside networks inside SSl policy settings.</P> <P>&nbsp;</P> <P>Br,</P> <P>Dragan</P> Mon, 19 Mar 2018 11:47:31 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3350797#M926107 draganzec 2018-03-19T11:47:31Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3385619#M926109 <P>I'm interested in doing this too and have a ticket open with the TAC, but they cannot figure this out.&nbsp; Do you know of any documentation or examples in doing this?</P> <P>I have an ACL created today that blocks access to "Personal Storage", for example.&nbsp;</P> <P>&nbsp;</P> <P>Personal Storage sites (for example&nbsp; <A href="http://box.com" target="_blank">http://box.com</A> and <A href="https://www.box.com).&nbsp;" target="_blank">https://www.box.com).&nbsp;</A> When you go to the http site i deliver a http block page.&nbsp; Nice!</P> <P>&nbsp;</P> <P>I then tried to add a SSL policy from my ACL policy and deploy but it will not deploy. My SSL policy is very simple and calls for re-sign of the cert using certs from our CA.&nbsp;</P> <P>I'm trying to find any documentation or examples from a working setup on how the SSL Policy should be setup.&nbsp; The online documentation is horrible.&nbsp;</P> <P>Thanks for any feedback.</P> Fri, 18 May 2018 15:53:03 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3385619#M926109 jdworak14 2018-05-18T15:53:03Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3386275#M926110 <P>Hi,</P> <P>unfortunately I must agree with you regarding online documentation.</P> <P>We are still not able to resolve this issue and still have only HTTP response set.</P> <P>&nbsp;</P> <P>Br,</P> <P>Dragan</P> Mon, 21 May 2018 07:31:17 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3386275#M926110 draganzec 2018-05-21T07:31:17Z https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3387637#M926111 <P>We are facing the similar issue. Configured SSL decryption for the URL filtering of the https sites. But the behavior is very weird. The same user is able to open site-a using IE and getting blocked using Chrome. For few other sites, its vise versa. We are having a second thought if buying Firpower was wise decision.</P> <P>&nbsp;</P> <P>Please advise.</P> <P>&nbsp;</P> <P>Regards</P> <P>Saif</P> Wed, 23 May 2018 12:00:35 GMT https://community.cisco.com/t5/network-security/ssl-decryption-only-on-url-filtering-blocked-sites/m-p/3387637#M926111 saifuddin.miyaji 2018-05-23T12:00:35Z