
Firepower SSL decrypt and pass without encrypt

Hello everyone,

We have an ASA5525X with a Firepower SFR module where we are implementing SSL decryption with a known key for internal servers. Right now we are planning to replace our Citrix Netscaler load balancers with F5, and the security department is going to implement a second SSL decryption for WAF features to work. So in this scenario the performance of SSL traffic worries me. What I want to know is whether it is possible in the Firepower configuration to decrypt, inspect and pass the traffic on as plain text without encrypting it back, so that the F5 won't do the decryption process again.

Thanks in advance!

Accepted Solutions

Marvin Rhoads
Hall of Fame

I know what you mean and have used other ADCs (Netscaler) to decrypt and pass on unencrypted. Unfortunately that's not currently an option with Firepower (as of the current 6.3 release).

Even if you decrypt with a known key, Firepower will reencrypt after evaluating access control rules and passing the traffic on to the destination.


Thanks, Marvin, for your response.
