Firepower SSL decrypt and pass without encrypt

Hello everyone,

We have an ASA5525X with a Firepower SFR module where we are implementing SSL decryption with a known key for internal servers. Right now we are planning to change our Citrix Netscaler load balancers to F5, and the security department is going to implement a second SSL decryption for the WAF features to work. So in this scenario the performance of SSL traffic worries me. What I want to know is whether it is possible in the Firepower configuration to decrypt, inspect and pass the traffic on as plain text without encrypting it back, so that the F5 won't do the decryption process again.

Thanks in advance!

Accepted Solutions
Re: Firepower SSL decrypt and pass without encrypt

I know what you mean and have used other ADCs (Netscaler) to decrypt and pass on unencrypted. Unfortunately that's not currently an option with Firepower (as of the current 6.3 release).

Even if you decrypt with a known key, Firepower will re-encrypt after evaluating access control rules and passing the traffic on to the destination.

Re: Firepower SSL decrypt and pass without encrypt

Thanks, Marvin, for your response.
