02-08-2019 05:16 AM - edited 03-12-2019 07:16 AM
Hello everyone,
We have an ASA5525X with a Firepower SFR module where we are implementing SSL decryption with a known key for internal servers. Right now we are planning to replace our Citrix Netscaler load balancers with F5, and the security department is going to implement a second SSL decryption for the WAF features to work. So in this scenario the performance of SSL traffic worries me. What I want to know is whether it is possible in the Firepower configuration to decrypt, inspect and pass the traffic on as plain text without encrypting it back, so that the F5 won't do the decryption process again.
Thanks in advance!
02-08-2019 07:54 PM
I know what you mean and have used other ADCs (Netscaler) to decrypt and pass on unencrypted. Unfortunately that's not currently an option with Firepower (as of the current 6.3 release).
Even if you decrypt with a known key, Firepower will reencrypt after evaluating access control rules and passing the traffic on to the destination.
02-10-2019 10:19 PM
Thanks, Marvin, for your response.