SSL decryption FirePower - span port

magnus123
Level 1

Hi,

Does anyone know if it is possible to span out decrypted traffic from FirePower 4110 (mirror port)?

Also, does anyone have any good experience of using SSL inspection on FirePower?

Any pitfalls to be aware of?

Any feedback is much appreciated.

1 Reply

Jason Gervia
Cisco Employee

You can't send any traffic out a span port on Firepower. Passive ports don't send traffic.

If you do decrypt on Firepower, the 80% hit on throughput because everything is running on software needs to be factored in. As long as you do that, you should be OK.


At some point the encryption chips to enable SSL decryption in the FTD platforms will be enabled, and then the throughput should go up for SSL.
