cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2556
Views
5
Helpful
3
Replies

Cisco Firepower

saquib011
Beginner
Beginner
Hi Everyone, I have one scenario but don't know how to do, one of my client asked me to block attachment option form Skype application. It means that there organisation users are able to use everything in Skype but don't able to attach any file. Can anyone tell me how to achieve this scenario i have Asa 5525x firepower SFR. Regards Saquib
1 Accepted Solution

Accepted Solutions

yogdhanu
Cisco Employee
Cisco Employee

Hi Saquib,

 

You would require SSL decryption policy on the SFR so SFR can decrypt the traffic and then block "Skype file transfer" application using application control.

SSL policy is must as once traffic is encrypted, firepower or no other device for that matter can see the traffic and apply any restriction.

When you apply SSL policy, you might want to try it in off-production hours first as SSL takes huge amount of resources and can cause performance issues if the device is already being utilized to its full capacity.

 

Here is the article for SSL policy. You need decrypt-resign rule.

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html

 

Hope it helps,

yogesh

View solution in original post

3 Replies 3

yogdhanu
Cisco Employee
Cisco Employee

Hi Saquib,

 

You would require SSL decryption policy on the SFR so SFR can decrypt the traffic and then block "Skype file transfer" application using application control.

SSL policy is must as once traffic is encrypted, firepower or no other device for that matter can see the traffic and apply any restriction.

When you apply SSL policy, you might want to try it in off-production hours first as SSL takes huge amount of resources and can cause performance issues if the device is already being utilized to its full capacity.

 

Here is the article for SSL policy. You need decrypt-resign rule.

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html

 

Hope it helps,

yogesh

Thanks for your suggestion.
Is this the only solution we have through SFR

Hi

 

Yes that's the only way through SFR.

 

Thanks

Yogesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers