Firepower SSH decryption?

05-28-2017 03:12 AM - edited 02-20-2020 09:04 PM
I understand that Cisco Firepower decrypts SSL, but it does not have a separate option for SSH decryption (like Palo Alto). My question is: does it decrypt it in the same policy (the SSL decryption policy, that is), or does it not?
Labels: AMP for Endpoints

05-30-2017 03:39 AM
07-03-2017 01:10 PM
Firepower 5.4.1 and above are capable of doing SSL decryption, and the SSL decryption policy is way more granular, with many different options.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html
Regards,
Jawad

As of the current FirePOWER software (Release 5.3.1), onboard SSL decryption for inspection of traffic is not supported. I've heard it may be coming in 5.4 (possibly later this quarter), but that's not yet available. When it is available, it will have a performance cost, since line-rate SSL decryption is computationally intensive.
So for now you would have to use a Cisco SSL appliance. They have purpose-built hardware for SSL decryption.
In either case, the inline device that's opening and inspecting the SSL traffic would need to have a special certificate that's allowed to issue child certificates and be trusted by all your clients. That typically means you need to have (or establish) an Enterprise PKI.
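The certificate requirement in the reply above is the part people most often get wrong when standing up decryption, so here is an added example (written for this thread, not Cisco's or any vendor's code) that models the three pieces in Go's standard library: an inspection CA whose certificate is permitted to issue child certificates, the per-connection leaf the inline device mints for the requested hostname, and the check a client TLS stack performs before accepting that leaf. The CA name and the hostnames are assumptions for illustration. The example also shows the two failure modes a client would see: a CA that is not in the client's trust store, and a signing certificate that lacks the CA basic constraint.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key; the inspection CA and every minted leaf get their own.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// NewInspectionCA builds the self-signed certificate an inline decryptor signs with.
// allowChildren sets the basicConstraints CA bit and the keyCertSign key usage;
// passing false models a certificate that is NOT permitted to issue child certs.
func NewInspectionCA(allowChildren bool) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp TLS Inspection CA"}, // hypothetical name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  allowChildren,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if allowChildren {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// IssueLeaf is what the inline device does per intercepted connection: it mints a
// short-lived server certificate for the requested hostname, signed by the inspection CA.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	leafKey := newKey()
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ClientAccepts performs the check a client TLS stack performs on the presented leaf:
// does it chain to a CA in the client's trust store, and is it valid for the host asked for?
func ClientAccepts(leaf *x509.Certificate, trusted *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: host})
	return err == nil
}

func main() {
	ca, caKey := NewInspectionCA(true)
	leaf, err := IssueLeaf(ca, caKey, "www.example.com") // hypothetical intercepted host
	if err != nil {
		panic(err)
	}
	trusting := x509.NewCertPool() // a client that has the inspection CA deployed
	trusting.AddCert(ca)
	untrusting := x509.NewCertPool() // a client (BYOD, IoT, cert-pinned app) without it
	fmt.Println("client with CA deployed accepts:", ClientAccepts(leaf, trusting, "www.example.com"))
	fmt.Println("client without CA accepts:      ", ClientAccepts(leaf, untrusting, "www.example.com"))

	nonCA, nonCAKey := NewInspectionCA(false) // trusted, but not allowed to issue children
	pool := x509.NewCertPool()
	pool.AddCert(nonCA)
	if bad, err := IssueLeaf(nonCA, nonCAKey, "www.example.com"); err == nil {
		fmt.Println("leaf from non-CA cert accepts:  ", ClientAccepts(bad, pool, "www.example.com"))
	} else {
		fmt.Println("non-CA cert refused to issue:", err)
	}
}
```

The second and third prints are the two reasons decryption "breaks the internet" in practice: any client that did not get the inspection CA through your PKI (or that pins its server certificate) will reject every intercepted connection, and a certificate without the CA basic constraint cannot be used to sign leaves no matter how widely it is trusted.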