
Block Uploads - gmail _ Youtube _ Facebook etc

Fantas
Level 1

Hi,

We have an issue with blocking uploads for Gmail and other public sites: OneDrive, Dropbox, Facebook, LinkedIn, etc.

I have followed the steps below but it's not working. I can see Do Not Decrypt in Connection Events, and the SSL certificate is not detected in the browser.

 

1 - Generate Internal CA on FMC

2 - Import Certificate on Client Browser; in my case it's Firefox

3 - Create SSL Policy Decrypt-Resign and select certificate created on above steps

4 - Create Access Policy to allow traffic from Inside to outside with Application gmail-attachment with action block

5 - Attach SSL Policy with Access Policy and keep policy on top

6 - Deploy Policy

7 - Verify on client browser and access gmail.com

8 - I can access gmail.com but can't see the Firepower certificate in the browser

9 - In event logs I can see Do Not Decrypt - means it's not working

 

Anything I am missing here or any suggestions please.

3 Replies

In fp connection event check what rule is matched. You might be matching a
superseding rule with no encryption.

***** please remember to rate useful posts

harmesh88
Level 1

I hope the article mentioned below will help you compare your configuration with it.

Correct any mistake you made.

Also, please check the connection event in FMC: traffic should match your configured rule only, and no other rule should override this SSL decryption rule.

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html

 

Regards,

Harmesh Yadav

CCNP,CCSE

Hi,

 

Yes, thanks. I followed this document but still have issues with SSL inspection.
