05-15-2020 07:52 PM
Hi,
We have an issue with blocking uploads for Gmail and other public sites: OneDrive, Dropbox, Facebook, LinkedIn, etc.
I have followed the steps below but it's not working. I can see Do Not Decrypt in Connection events, and the SSL certificate is not detected on the browser.
1 - Generate Internal CA on FMC
2 - Import Certificate on Client Browser, in my case it's Firefox
3 - Create SSL Policy Decrypt-Resign and select the certificate created in the above steps
4 - Create Access Policy to allow traffic from Inside to Outside with Application gmail-attachment with action Block
5 - Attach SSL Policy with Access Policy and keep policy on top
6 - Deploy Policy
7 - Verify on client browser and access gmail.com
8 - I can access gmail.com but can't see the Firepower certificate on the browser
9 - In event logs I can see Do Not Decrypt - means it's not working
Is there anything I am missing here? Any suggestions, please.
05-16-2020 01:27 AM
05-16-2020 02:59 AM
I hope the article mentioned below will help you compare your configuration with it.
Correct any mistake you made.
Also, please check the connection events in FMC: traffic should match only your configured rule; no other rule should override this SSL decryption rule.
Regards,
Harmesh Yadav
CCNP,CCSE
05-16-2020 06:43 PM
Hi,
Yes, thanks. I followed this document but still have issues with SSL inspection.