03-11-2019 03:34 AM - edited 02-21-2020 08:55 AM
Hello,
So I am new to firewalls and I have got this question from one of our users:
"We have had issues with our proxy service and they have asked us to check the below.
Which firewall you are using upstream? Could you confirm if you have enabled SSL decryption on Firewall as well?"
Not sure if the ASAv supports SSL Decryption.
03-11-2019 03:47 AM
Most likely the answer is no. So in what direction is this traffic going through the fw? Outbound to internet? So if you are simply permitting https through your fw from the proxies' IP, then you are not decrypting.
03-11-2019 08:11 AM
ASAv does not support SSL decryption at all since it doesn't support the Firepower service module.
Other models of ASA 5500-X support it in software if there is a Firepower service module in place with an SSL policy that's been all set up. They also support it if they are running an FTD image, as do Firepower appliances running FTD.
We seldom see it used on ASAs in production for general purpose traffic inspection since the performance is pretty slow and it can quickly bring a smaller appliance to its knees. It also requires intermediate to advanced knowledge of PKI to make it work properly - something that is not all that common.