01-22-2021 04:45 AM
Dear community,
I have installed a Cisco Firepower 2010, and I manage it via FMC. I have set up the policies and traffic is all working OK without the SSL decryption policy. However, when I enable the SSL decryption policy, my text messages do not go through the network. Communication with the Internet works fine, but Skype and Viber text messages do not go through.
I have tested it myself and as soon as I remove SSL decryption Policy from the Access Policy, text messages pass through the traffic properly.
Do you have any idea why and what could be affecting the text messages communication to not go through from an SSL decryption policy perspective?
From my general knowledge, SSL decryption policy is used to only decrypt traffic but not manage communication access. Am I missing something?
Any suggestion or information provided would be highly appreciated.
Thank you,
L
01-22-2021 09:56 AM
Those applications and others (WhatsApp, Telegram etc.) use end-to-end encryption with SSL/TLS certificate pinning. So any man-in-the-middle decrypt and re-sign action (such as the FTD does) will break that trust chain and cause the issues you report. You need to exempt those applications from your SSL policy for them to work.
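The behaviour described in the answer above, as an added example that is not part of the original thread or any Cisco code: a simplified Python model (not a real X.509 parser) showing why a browser on a managed endpoint accepts the re-signed certificate while a pinned application rejects it, and why a do-not-decrypt exemption restores the application. The host name, CA names, key bytes and the `firewall` function are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # host name the certificate is issued for
    issuer: str    # name of the CA that signed it
    spki: bytes    # stand-in for the DER-encoded public key (constructed)

PUBLIC_CA = "Public CA (constructed)"
INSPECTION_CA = "Corp Inspection CA (constructed)"
# Managed endpoints trust the inspection CA in addition to public CAs.
ENDPOINT_TRUST_STORE = {PUBLIC_CA, INSPECTION_CA}

def spki_pin(cert):
    """Pin value: SHA-256 over the certificate's public key bytes."""
    return hashlib.sha256(cert.spki).hexdigest()

def firewall(server_cert, action):
    """Model of what the client sees after the SSL policy action is applied."""
    if action == "decrypt-resign":
        # Same subject, but a new key pair signed by the inspection CA.
        return Cert(server_cert.subject, INSPECTION_CA, b"firewall-generated-key")
    if action == "do-not-decrypt":
        return server_cert  # original certificate passes through untouched
    raise ValueError(f"unknown action: {action}")

def browser_accepts(cert, host):
    """Ordinary validation: name matches and the issuer is in the trust store."""
    return cert.subject == host and cert.issuer in ENDPOINT_TRUST_STORE

def pinned_app_accepts(cert, host, pins):
    """Pinned client: ordinary validation plus the key must match a shipped pin."""
    return browser_accepts(cert, host) and spki_pin(cert) in pins

def demo():
    host = "chat.example.test"                       # constructed host name
    real = Cert(host, PUBLIC_CA, b"vendor-server-key")
    pins = {spki_pin(real)}                          # pin set shipped inside the app
    results = {}
    for action in ("decrypt-resign", "do-not-decrypt"):
        seen = firewall(real, action)
        results[action] = (browser_accepts(seen, host),
                           pinned_app_accepts(seen, host, pins))
    return results

if __name__ == "__main__":
    for action, (browser, app) in demo().items():
        print(f"{action:15} browser_ok={browser} pinned_app_ok={app}")
```
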