ryan14
Beginner

Do not decrypt bypass rule for domain

Is there a way to create a do not decrypt rule for a set of domains or FQDNs? I do not see a URL tab in the SSL ACP. Running FMC 6.4.0.4. The closest alternative is to either know the destination IPs or hope the application tab has a match.

1 ACCEPTED SOLUTION
Muhammad Awais Khan
VIP Rising star

Hi,

Did you try a rule using DN and CN? You can match CN or DC for the required website which you don't want to decrypt.


5 REPLIES
Abheesh Kumar
Rising star

Hi,

I think there is no option to create a rule with an FQDN; you need to know the IP the FQDN resolves to. If you try adding an FQDN object in the SSL rule, it will not display FQDN objects there. I think it's a limitation that Cisco needs to address in future releases.

HTH

Abheesh


ryan14

Hey guys,

Yeah, so I tested adding a site to the subject DN and it didn't decrypt, which is good. Does this also do subdomains or do you need to add an asterisk? I was under the impression Firepower doesn't like asterisk characters for wildcards.

Muhammad Awais Khan

Hi,

* should be working fine. In fact they are using * in the snapshot I attached in the previous comment.

ryan14

Thanks, just tested the asterisk and it did work.
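To see what the Distinguished Name condition discussed in this thread actually compares, the following script is an added example (it is not FMC code and not from any poster here). It parses a server certificate's subject DN into its attributes, then tests whether a rule pattern such as CN=*.example.com would match it, walking an ordered list of (pattern, action) pairs the way an SSL policy is evaluated top to bottom. Assumptions, labelled in the code: `*` is treated as a glob-style wildcard matching any run of characters, all attributes in the pattern must match, comparison is case-insensitive, and the policy's default action is taken to be "Decrypt - Resign". The `fetch_subject_dn` helper pulls the live subject DN of a site so you know the exact CN to put in the rule; the offline checks use constructed sample DNs.

```python
"""Approximate the matching done by a Firepower SSL-policy Distinguished Name
condition. Added example, not FMC code; wildcard and default-action semantics
are assumptions (see comments)."""
import re
import socket
import ssl
from typing import Dict, List, Tuple

# Map the long attribute names returned by ssl.getpeercert() to the short
# forms (CN, O, OU, C) used in the FMC DN object.
_SHORT = {
    "commonName": "CN",
    "organizationName": "O",
    "organizationalUnitName": "OU",
    "countryName": "C",
    "stateOrProvinceName": "ST",
    "localityName": "L",
}


def parse_dn(dn: str) -> Dict[str, List[str]]:
    """Parse 'CN=a, O=b, C=US' into {'CN': ['a'], 'O': ['b'], 'C': ['US']}.

    Commas inside a value may be escaped with a backslash (RFC 4514 style),
    and a repeated attribute (two OU= entries) keeps every value.
    """
    attrs: Dict[str, List[str]] = {}
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs.setdefault(key.strip().upper(), []).append(
            value.strip().replace("\\,", ",")
        )
    return attrs


def _wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    # Assumption: '*' matches any run of characters, dots included, so
    # '*.example.com' covers 'www.example.com' and 'a.b.example.com'.
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def dn_matches(rule_dn: str, cert_dn: str) -> bool:
    """True if every attribute listed in the rule is satisfied by the subject.

    Attributes absent from the rule are not checked, so 'CN=*.example.com'
    matches regardless of O or C in the certificate.
    """
    rule = parse_dn(rule_dn)
    cert = parse_dn(cert_dn)
    for attr, patterns in rule.items():
        values = cert.get(attr, [])
        for pat in patterns:
            rx = _wildcard_to_regex(pat)
            if not any(rx.match(v) for v in values):
                return False
    return True


def evaluate_policy(rules: List[Tuple[str, str]], cert_dn: str) -> str:
    """Return the action of the first rule whose DN pattern matches.

    Rules are evaluated in order, like an SSL policy; the fallback is the
    assumed policy default action.
    """
    for rule_dn, action in rules:
        if dn_matches(rule_dn, cert_dn):
            return action
    return "Decrypt - Resign"  # assumed default action


def fetch_subject_dn(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live helper: connect to a site and return its certificate subject DN
    in 'CN=..., O=..., C=...' form, the string you would mirror in the rule."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = tls.getpeercert()["subject"]
    return ", ".join(
        f"{_SHORT.get(k, k)}={v}" for rdn in subject for k, v in rdn
    )


if __name__ == "__main__":
    # Constructed sample policy and subjects, not taken from any real deployment.
    policy = [("CN=*.example.com", "Do not decrypt")]
    for subject in ("CN=www.example.com, O=Example Inc, C=US",
                    "CN=login.other.net, O=Other, C=US"):
        print(f"{subject!r:50} -> {evaluate_policy(policy, subject)}")
```

Note that the condition matches the subject of the certificate the server presents, not the hostname the client typed; a site whose certificate carries a different CN (a CDN's shared certificate, for instance) will not match a pattern built from the browser's URL, which is why checking the live subject first is worthwhile.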
