02-08-2019 05:16 AM - edited 03-12-2019 07:16 AM
Hello everyone,
We have an ASA5525X with a Firepower SFR module where we are implementing SSL decryption with a known key for internal servers. Right now we are planning to replace our Citrix Netscaler load-balancers with F5, and the security department is going to implement a second SSL decryption for WAF features to work. So in this scenario the performance of SSL traffic worries me. What I want to know is whether it is possible in the Firepower configuration to decrypt, inspect and pass the traffic on as plain text, without encrypting it back, so that the F5 won't do the decryption process again.
Thanks in advance!
02-08-2019 07:54 PM
I know what you mean and have used other ADCs (Netscaler) to decrypt and pass on unencrypted. Unfortunately that's not currently an option with Firepower (as of the current 6.3 release).
Even if you decrypt with a known key, Firepower will re-encrypt after evaluating access control rules and passing the traffic on to the destination.
02-10-2019 10:19 PM
Thanks, Marvin, for your response.