Do not decrypt bypass rule for domain

ryan14
Level 1

Is there a way to create a do not decrypt rule for a set of domains or FQDNs? I do not see a URL tab in the SSL ACP. Running 6.4.0.4 FMC. The closest alternative is to either know the destination IPs or hope the application tab has a match.

Accepted Solution

Muhammad Awais Khan
Cisco Employee

Hi,

Did you try a rule using DN and CN? You can match CN or DC for the required website which you don't want to decrypt.


5 Replies

Abheesh Kumar
VIP Alumni

Hi,

I think there is no option to create a rule with FQDN; you need to know the FQDN's resolvable IP. If you try creating an FQDN in the SSL rule it will not display FQDN objects there. I think it's a limitation that Cisco needs to address in future releases.

HTH

Abheesh

Hey guys,

Yeah, so I tested adding a site to the subject DN and it didn't decrypt, which is good. Does this also do subdomains, or do you need to add an asterisk? I was under the impression Firepower doesn't like asterisk characters for wildcards.

Hi,

* should be working fine. In fact they are using * in the snapshot I attached in the previous comment.

Thanks, just tested the asterisk and it did work.
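As an added illustration (not code from this thread or from Cisco), the following Python models a Do Not Decrypt rule matched on the certificate Subject CN and audits which of a constructed set of server-certificate subjects each pattern would exempt, so an administrator can check that a rule covers the intended subdomains without also exempting lookalike names. The glob-style meaning of `*` and the sample DNs are assumptions, not a description of Firepower's own matching engine.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of server-certificate subject DNs (not real observed data).
SAMPLE_SUBJECTS = [
    "CN=bank.example, O=Example Bank, C=US",
    "CN=www.bank.example, O=Example Bank, C=US",
    "CN=api.bank.example, O=Example Bank, C=US",
    "CN=notbank.example, O=Lookalike Ltd, C=US",
    "CN=mail.corp.example, OU=IT, O=Corp, C=US",
]


def parse_dn(dn: str) -> Dict[str, str]:
    """Split a comma-separated DN string into {ATTR: value}; first value wins."""
    attrs: Dict[str, str] = {}
    for part in dn.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            attrs.setdefault(key.strip().upper(), value.strip())
    return attrs


def cn_matches(pattern: str, cn: str) -> bool:
    """Case-insensitive match where '*' stands for any run of characters.
    Assumed glob-style semantics; not a statement of how Firepower matches."""
    regex = "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"
    return re.match(regex, cn, re.IGNORECASE) is not None


def first_matching_rule(patterns: List[str], cn: str) -> Optional[str]:
    """Return the first Do Not Decrypt CN pattern covering this CN, or None."""
    return next((p for p in patterns if cn_matches(p, cn)), None)


def audit_bypass(patterns: List[str], subjects: List[str]) -> Dict[str, List[str]]:
    """Map each pattern to the CNs it exempts from decryption; the 'decrypted'
    key collects CNs no pattern covers. Shows whether a rule is too narrow
    (misses subdomains) or too broad (also exempts lookalike domains)."""
    report: Dict[str, List[str]] = {p: [] for p in patterns}
    report["decrypted"] = []
    for subject in subjects:
        cn = parse_dn(subject).get("CN", "")
        report[first_matching_rule(patterns, cn) or "decrypted"].append(cn)
    return report


if __name__ == "__main__":
    for rules in (["bank.example"], ["*.bank.example"], ["*bank.example"]):
        print(rules, audit_bypass(rules, SAMPLE_SUBJECTS))
```

Running it shows that a bare `bank.example` entry exempts only the apex name, `*.bank.example` covers the subdomains but not the apex, and `*bank.example` (no dot) also exempts `notbank.example`, which is the over-broad bypass to watch for.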
