Can't apply SSL policy on Sourcefire Access Control Rule

yong khang NG · ‎07-31-2016

Hi all,

I can't apply the newly create SSL policy to Access Control Policy, as it prompt the error message as "SSL Inspection is not supported on one or more of the targeted devices"

Apparently this error message it too generic, i not really sure what mistake that i had done, no clue for any correction.

As i doing the troubleshooting, i get this log whenever i try to apply the Access Control Policy on the target device (please refer to attached: problem 2.png)

Any clue of what happen on the firesight and firepower?

Thanks

Noel

platform setup

firesight is running on 5.4.1.3

firepower is running on 5.4.0.4

firepower is running on ASA5585X chassis, the ASA setup in HA mode, active-passive, running on ASA 9.4.1 code

Jetsy Mathew · ‎07-31-2016

Hello Yong,

Please upgrade your devices to the latest version and try the same. Refer the following release notes for the same.

http://www.cisco.com/c/en/us/td/docs/security/firepower/601/relnotes/firepower-system-release-notes-version-601.html

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html

Rate and mark correct if the post helps you

Regards

Jetsy

Pujita Patni · ‎08-01-2016

Hi Yong,

As Jetsy mentioned you will have to upgrade your devices to use the mentioned feature.

SSL decryption for Cisco ASA with Firepower Services was introduced in version 6.0. For NGIPS devices, this feature was added in version 5.4, but not for the ASA Firepower.

So you would need to upgrade your devices at a minimum of 6.0 to use this feature.

Thanks,

Pujita

Rate if it helps !