cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19700
Views
35
Helpful
35
Replies

ASA Firepower ssl decryption

Vahid Tavajjohi
Level 1
Level 1

hi everyone

is Firepower support ssl decryption or should have sourcefire beside ASA?

 

thanks

35 Replies 35

Thanks Neno - I missed the release earlier this week as I'm strictly mobile while on vacation. :)

I was embargoed from discussing much as I had non-public information. But as the release notes mention, SSL decryption and a host of other features are now available in FirePOWER Management Center 6.0. 

"Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally manage SSL communications and decrypt the traffic through ASDM before performing attack, application, and malware detection against it. This is the same capability we introduced in Version 5.4 for Cisco’s Firepower next-generation IPS (NGIPS) appliances. SSL decryption can be deployed in both passive and inline modes, and supports HTTPS and StartTLS-based applications (e.g., SMTPS, POP3S, FTPS, IMAPS, TelnetS). Decryption policies can be configured to exert granular control over encrypted traffic logging and handling, such as limiting decryption based on URL categories to enforce privacy concerns. It also provides the ability to block self-signed encrypted traffic, or on SSL version, specific Cipher Suites, and/or unapproved mobile devices."

No worries, I got your back! :) I have also been busy with work, vacation and study so I have been off the radar for a while. Thank you for posting the additional info around the release notes. 

Glad to see they finally have a "viable" NGFW.  Up until the 6.0 release they were light years behind Palo Alto or Checkpoint.  Still a long way to go for cisco to be considered in their league. But nice to see they are actually taking security serious.  

Please I need document to know the Throughput to SSL decryption to the CISCO FirePower 8120, example 100 Mbps.

I haven't seen a specific published benchmark study on the throughput with SSL decryption. I have heard to expect about 400 Mbps on a 3D8120 appliance

I do know it depends on what other features are enabled and on the percentage of traffic that needs to be decrypted. I don't have the specs on what traffic mix that number was based.

You are best off working with your Cisco SE if you need exact figures. A CPOC (Customer Proof Of Concept) test may be in order if it's a large deployment.

Thanks to everyone for posting under my question to find the answer and finally cisco add the feature.

Review Cisco Networking for a $25 gift card