topic ASA Firepower ssl decryption not consistent in Network Security https://community.cisco.com/t5/network-security/asa-firepower-ssl-decryption-not-consistent/m-p/3880646#M942048 <P>Hi all,</P><P>&nbsp;</P><P>We are running&nbsp; Cisco Fire Linux OS 6.2.3 (build13).</P><P>What is the issue: We run a SSL Policy with Decrypt - known.</P><P>50% of the requests to the webserver behind the firewall is allowed the other 50% is blocked, see 2 samples below.</P><TABLE><TBODY><TR><TD>Block</TD><TD>SSL Block</TD><TD><SPAN>y.y.y.y</SPAN></TD><TD><SPAN>No Authentication Required</SPAN></TD><TD>x.x.x.x</TD><TD>Internet</TD><TD>LAN</TD><TD>Decrypt (Known Key)</TD><TD>HTTPS</TD><TD>SSL client</TD></TR><TR><TD>Allow</TD><TD>&nbsp;</TD><TD><SPAN>y.y.y.y</SPAN></TD><TD><SPAN>No Authentication Required</SPAN></TD><TD>x.x.x.x</TD><TD>Internet</TD><TD>LAN</TD><TD>Do Not Decrypt</TD><TD>HTTPS</TD><TD>SSL client</TD></TR></TBODY></TABLE><P>This is from the same client to the same url.</P><P>I cannot find where it goes wrong.</P><P>Anyone have any idea?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 17:14:56 GMT CSNetNOC 2020-02-21T17:14:56Z ASA Firepower ssl decryption not consistent https://community.cisco.com/t5/network-security/asa-firepower-ssl-decryption-not-consistent/m-p/3880646#M942048 <P>Hi all,</P><P>&nbsp;</P><P>We are running&nbsp; Cisco Fire Linux OS 6.2.3 (build13).</P><P>What is the issue: We run a SSL Policy with Decrypt - known.</P><P>50% of the requests to the webserver behind the firewall is allowed the other 50% is blocked, see 2 samples below.</P><TABLE><TBODY><TR><TD>Block</TD><TD>SSL Block</TD><TD><SPAN>y.y.y.y</SPAN></TD><TD><SPAN>No Authentication Required</SPAN></TD><TD>x.x.x.x</TD><TD>Internet</TD><TD>LAN</TD><TD>Decrypt (Known Key)</TD><TD>HTTPS</TD><TD>SSL client</TD></TR><TR><TD>Allow</TD><TD>&nbsp;</TD><TD><SPAN>y.y.y.y</SPAN></TD><TD><SPAN>No Authentication Required</SPAN></TD><TD>x.x.x.x</TD><TD>Internet</TD><TD>LAN</TD><TD>Do Not Decrypt</TD><TD>HTTPS</TD><TD>SSL client</TD></TR></TBODY></TABLE><P>This is from the same client to the same url.</P><P>I cannot find where it goes wrong.</P><P>Anyone have any idea?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 17:14:56 GMT https://community.cisco.com/t5/network-security/asa-firepower-ssl-decryption-not-consistent/m-p/3880646#M942048 CSNetNOC 2020-02-21T17:14:56Z