SSL decryption FirePower - span port

Hi,

Does anyone know if it is possible to span out decrypted traffic from FirePower 4110 (mirror port)?

Also, does anyone have any good experience of using SSL inspection on FirePower?

Any pitfalls to be aware of?

Any feedback is much appreciated.

Cisco Employee

Re: SSL decryption FirePower - span port

You can't send any traffic out a span port on Firepower. Passive ports don't send traffic.

If you do decrypt on Firepower, the 80% hit on throughput because everything is running on software needs to be factored in. As long as you do that, you should be OK.


At some point the encryption chips to enable SSL decryption in the FTD platforms will be enabled, and then the throughput should go up for SSL.