08-22-2019 01:02 PM
Currently using FirePOWER and experiencing an unexpected SSL Block for some traffic. An SSL rule has been created not to decrypt the traffic, and the URLs that are being accessed are whitelisted. The SSL Flow error is Defer Cut Post CCs (0x0000197), SSL version TLSv1.2. The SSL flow flags show the handshake to be complete, yet FirePOWER is still blocking the traffic. I have an access policy for the internal source to allow all traffic from any network. Any insight would be greatly appreciated. The service attempting to access my internal VMS is WISENet WAVESync.
08-23-2019 11:07 AM
Have you tried a packet capture with trace while filtering on the interesting traffic?
08-26-2019 08:33 AM
Marvin,
I have not yet; that was my next step. I'll post with that data soon. Thank you for the insight.
09-26-2022 06:41 AM
Probably a long shot, but I am also seeing this. We enabled a monitor-only rule to check for TLS versions and then a default rule of do not decrypt, but still see an SSL block with that same SSL error, which I find odd: DEFER_CUT_POST_CCS
11-09-2022 10:52 AM - edited 11-09-2022 10:53 AM
Same exact error here. Firepower ignores the "do not decrypt" SSL rule and gets blocked by the default SSL rule. Undecryptable actions are both block, so no help there.