10-06-2014 10:24 PM - edited 03-11-2019 09:52 PM
Hi everyone,
Does Firepower support SSL decryption, or should I have Sourcefire beside the ASA?
Thanks
11-13-2015 08:41 PM
Thanks Neno - I missed the release earlier this week as I'm strictly mobile while on vacation. :)
I was embargoed from discussing much as I had non-public information. But as the release notes mention, SSL decryption and a host of other features are now available in FirePOWER Management Center 6.0.
"Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally manage SSL communications and decrypt the traffic through ASDM before performing attack, application, and malware detection against it. This is the same capability we introduced in Version 5.4 for Cisco’s Firepower next-generation IPS (NGIPS) appliances. SSL decryption can be deployed in both passive and inline modes, and supports HTTPS and StartTLS-based applications (e.g., SMTPS, POP3S, FTPS, IMAPS, TelnetS). Decryption policies can be configured to exert granular control over encrypted traffic logging and handling, such as limiting decryption based on URL categories to enforce privacy concerns. It also provides the ability to block self-signed encrypted traffic, or on SSL version, specific Cipher Suites, and/or unapproved mobile devices."
11-16-2015 07:45 PM
No worries, I got your back! :) I have also been busy with work, vacation and study so I have been off the radar for a while. Thank you for posting the additional info around the release notes.
12-24-2015 08:25 AM
Glad to see they finally have a "viable" NGFW. Up until the 6.0 release they were light years behind Palo Alto or Checkpoint. Still a long way to go for Cisco to be considered in their league. But nice to see they are actually taking security seriously.
12-31-2015 07:21 AM
Please, I need a document showing the SSL decryption throughput of the Cisco FirePOWER 8120, for example 100 Mbps.
12-31-2015 05:10 PM
I haven't seen a specific published benchmark study on the throughput with SSL decryption. I have heard to expect about 400 Mbps on a 3D8120 appliance.
I do know it depends on what other features are enabled and on the percentage of traffic that needs to be decrypted. I don't have the specs on what traffic mix that number was based.
You are best off working with your Cisco SE if you need exact figures. A CPOC (Customer Proof Of Concept) test may be in order if it's a large deployment.
11-19-2015 05:42 AM
Thanks to everyone for posting under my question to find the answer, and finally Cisco added the feature.