
ASA Firepower malware inspection of SSL decrypted traffic bug

tonypearce1
Level 3

Unencrypted malware blocking is working fine. 

 

If you implement an SSL decryption policy for HTTPS web traffic and configure an ACP rule to inspect the HTTPS traffic for malware, one of two things will happen:

1. Either the Firepower module will detect the traffic as malware and the action will be ALLOW. The result is the malware is successfully downloaded.

2. Or the Firepower module will detect the traffic as malware with the action as BLOCK. However, again the malware is successfully downloaded. The blocking action is not performed and the TCP conversation completes normally.

 

Covered under bug CSCvm32267 

 

Running Firepower 6.2

1 Reply 1

Marvin Rhoads
Hall of Fame

Thanks for the info!
