cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1183
Views
0
Helpful
7
Replies

Cisco ASA 5525 Firepower (firesight 5.4) SSL Decryption a option?

newtonpara
Level 1
Level 1

I am getting ready to dump the cisco cx module on a asa 5525-x for the cisco asa firepower. I been using the cx module ssl decryption in order to get sight into ssl traffic.

 

Reading the release notes for Firesight 5.4 it seems cisco has now included SSL decryption as a onboard feature without the need for a dedicated ssl decryption appliance (i know performance is bad for compared to a appliance). 

 

Cisco can be kind of vague in release notes. Can someone confirm that now the asa firepower module does indeed support ssl decryption on asa 5525? 

1 Accepted Solution

Accepted Solutions

Version 6.0 will be the next major release. From what Cisco was saying publicly at Cisco Live this summer, it should be out this fall.  

The target mentioned then was to include SSL decpryption for FirePOWER modules; but that depends on everything going well enough in development and beta testing for it to make the final cut of included features.

The roadmap is most definitely the FirePOWER modules. When a given account is ready to move to that depends of course on the required feature set. If you need SSL decryption, the answer is not quite yet.

Beyond that, they don't publicly release roadmap details. If the specifics are of particular concern to your organization, you can contact your partner or Cisco account manager and request details under NDA.

As SSL becomes an increasingly large part of the overall traffic mix, it is going to be harder and harder to rely on any software-based solution. The majority of customers will not tolerate the 80-90% performance hit necessary to decrypt and re-encrypt every SSL frame in software. Add to that things like not being able to push an enterprise CA trusted key into all devices in a heavily BYOD situation such as many enterprises are now or are moving toward.

View solution in original post