Hi, I have a question about the proper design when using FTD with SSL decryption. When I want to use decryption and decrypt traffic for inspection, I need to replace the certificate, but in case this certificate is trusted there is also a problem with clients which use Chrome and Firefox (and many other browsers) - they check the certificate name (for example, Firefox is using Strict Transport Security - HTTP Strict Transport Security (HSTS - see RFC 6797)) and also have their own CAs (I mean for Firefox).
What is the recommendation and best practice from Cisco when we want to use SSL decryption in a huge mesh environment like an ISP (Internet Service Provider) and also check this traffic (you know, today approximately 80 percent of the traffic is encrypted)?