
Cisco firepower ngips SSL inspection

marine253
Level 1

Hello, a company is acquiring a Cisco Firepower to protect their e-banking website (SSL encrypted).

IPS signatures will be activated to protect the e-banking website, but all traffic going through the Firepower will already be encrypted.

Question: Will the Cisco Firepower be able to block any attacks happening inside the SSL packets? Or will it just act like a dumb forwarding device? :)

Marvin Rhoads
Hall of Fame

You can install the server certificate on the Firepower appliance and create a decryption policy for that destination. The appliance will then be able to decrypt and inspect all of the connections as plain text. It will re-encrypt them and send them on (assuming they haven't been blocked as malicious).

Thanks for your message.

Quick question: if I don't install the certificate, my users will get a certificate error, right?

Also, once I generate the crc file for my e-banking web server (Apache in this case), my certificate will be generated based on that. Won't this cause any issues to install the same certificate on the Firepower afterwards?

Thanks

You cannot decrypt incoming traffic properly without the server's certificate AND private key.

Once you have those in place (along with a properly configured SSL Policy), the decryption and end user experience will be seamless.
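
A check that can be run before installing the certificate and private key the reply above calls for, added here as an example and not part of the thread: it uses the OpenSSL CLI to confirm that a PEM certificate and a PEM private key carry the same public key. The function names, file names and the `ebank.example.test` CN are assumptions, and the sample pairs are constructed throwaway data.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a PEM certificate and a
# PEM private key are a matching pair before importing them for decryption.

# Exit status: 0 = pair matches, 1 = mismatch, 2 = a file could not be read.
cert_matches_key() (
    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Constructed sample input: a throwaway self-signed pair (placeholder CN).
make_sample_pair() {  # $1 = output path prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ebank.example.test" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

report() {  # $1 = certificate, $2 = key
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH     $(basename "$1") + $(basename "$2")" ;;
        1) echo "MISMATCH  $(basename "$1") + $(basename "$2")" ;;
        *) echo "UNREADABLE $(basename "$1") or $(basename "$2")" ;;
    esac
}

demo() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    make_sample_pair "$dir/site" || exit 2
    make_sample_pair "$dir/other" || exit 2
    report "$dir/site.crt" "$dir/site.key"     # the pair that belongs together
    report "$dir/site.crt" "$dir/other.key"    # key from a different pair
    report "$dir/site.crt" "$dir/missing.key"  # file that does not exist
)

demo
```
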

Thanks, Marvin
