10-18-2023 04:50 AM
Hello Everyone
We have a fleet of FTDs and some ASAs that are being phased out.
I have SSL decrypt working and have successfully tried all the functionality, and it works as expected. But now I am wondering, in networks with several thousand users and devices, what is it worth to decrypt with security/malware in mind? I'm also thinking that one must be careful regarding CPU usage and so on.
Thanks in advance for any insight on this.
10-18-2023 05:47 AM
It all depends on the security requirement. If you would like to go ahead and decrypt the traffic, you have to stage it, level by level, monitoring the CPU level. (Most of the model documentation shows what kind of traffic those boxes can handle; that is part of the sizing guide.)
You can also choose which sites you would like to decrypt, and the source IP as well.
Tuning tips:
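The reply above suggests staging the rollout and limiting decryption by destination and by source IP. Before turning that on for several thousand users, the check worth doing is to run your exported flow records through the intended rule order and see what share of TLS bytes the box would actually have to decrypt and re-sign. The script below is an added example, not from this thread or from Cisco: the flow records are constructed, the rule order (source-network bypass first, then destination-name bypass, then decrypt everything else) and the bypass lists are assumptions, and the 10.5.0.0/16 source network is written as a shell glob rather than a real CIDR match. Feed it your own records in the same four-column shape.

```shell
#!/bin/sh
# Added example (not from the thread or from Cisco). Constructed flow records
# and a hypothetical policy: decide per flow whether a Decrypt - Resign policy
# with Do Not Decrypt rules for some destinations and source networks would
# touch it, then sum what share of TLS bytes would actually be decrypted.
set -u

# Constructed sample (not real traffic): src_ip dst_port sni bytes; "-" = no SNI.
sample_flows() {
cat <<'EOF'
10.1.20.15 443 www.example.com 120000
10.1.20.15 443 updates.bank.example 3000000
10.1.20.16 443 cdn.video.example 90000000
10.5.0.9 443 intranet.corp.example 40000
10.1.20.17 443 - 8000
10.1.20.18 8443 api.saas.example 500000
10.1.20.19 80 - 2000000
EOF
}

# Policy, evaluated top-down like an SSL policy rule list (the order is an assumption):
#   1. only TLS ports are in scope
#   2. Do Not Decrypt for source network 10.5.0.0/16 (servers/printers), written as a glob
#   3. Do Not Decrypt for destinations matched by server name
#   4. everything else: Decrypt - Resign
decide() {
  src=$1 port=$2 sni=$3
  case "$port" in 443|8443) ;; *) echo not_tls; return ;; esac
  case "$src" in 10.5.*) echo bypass_src; return ;; esac
  case "$sni" in *.bank.example|*.video.example) echo bypass_sni; return ;; esac
  echo decrypt   # includes flows with no SNI: a name rule cannot match them
}

# One "decision count bytes" line per decision.
summarize() {
  sample_flows | while read -r src port sni bytes; do
    printf '%s %s\n' "$(decide "$src" "$port" "$sni")" "$bytes"
  done | awk '{ n[$1]++; b[$1] += $2 } END { for (k in n) printf "%s %d %d\n", k, n[k], b[k] }' | sort
}

# Bytes the policy would decrypt.
decrypt_bytes() { summarize | awk '$1 == "decrypt" { print $3 }'; }

# Share of TLS bytes (not_tls excluded) that would be decrypted, as a percentage.
decrypt_share_pct() {
  summarize | awk '$1 != "not_tls" { t += $3 } $1 == "decrypt" { d = $3 } END { printf "%.2f\n", 100 * d / t }'
}

summarize
echo "decrypt share of TLS bytes: $(decrypt_share_pct)%"
```

On this sample the two bypassed destinations carry almost all of the bytes, so the decrypt share is well under one percent of TLS traffic; that is the kind of number to compare against the sizing guide for your model before widening the decrypt rule.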
10-18-2023 06:51 AM
The traffic is not immediately decrypted, and not all traffic is decrypted.
The traffic must pass the prefilter and ACP, then the whitelist/blacklist, before it is decrypted.
10-18-2023 12:06 PM - edited 02-28-2024 04:24 AM
It's rarely possible to decrypt outgoing traffic due to the need to decrypt and re-sign everything, which requires having a Certificate Authority that all your user computers trust as a root / signing CA. Plus, even if you have that, many web sites and applications will not allow it due to things like HSTS and certificate pinning. There are better methods to protect your users and traffic.
Incoming traffic to servers you host is generally more amenable to decryption and is a good option since it allows you to see the plain text contents of traffic destined for your servers and more effectively scan for indications of compromise and attacks.
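The two constraints the reply above names, a CA every client must trust and pinned applications, can be reproduced on a workstation with nothing but the openssl CLI. The script below is an added example, not from this thread or from Cisco, and assumes openssl 1.1.1 or 3.x is installed. It builds a self-signed stand-in for the site's real certificate, an "inspection CA" in the role of the box's re-sign CA, and a re-signed certificate for the same name; it then shows that chain validation only succeeds when the inspection CA is in the trust store, and that the SPKI pin (the value a pinning client compares) of the re-signed certificate differs from the original's, which is why a pinned app fails regardless of what the trust store holds.

```shell
#!/bin/sh
# Added example (not from the thread or from Cisco). Assumes the openssl CLI.
# Mimics what a Decrypt - Resign policy does: terminate TLS, then hand the
# client a certificate for the same name signed by the box's own CA.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The site's real certificate. Self-signed here; it stands in for the
# public-CA-issued certificate a client would normally see.
make_origin_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=www.example.com" \
    -keyout "$WORK/origin.key" -out "$WORK/origin.crt" >/dev/null 2>&1
}

# The inspection CA: the root your user computers would have to trust.
make_inspection_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Inspection CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# Re-sign: a fresh key pair and a certificate carrying the origin's subject,
# issued by the inspection CA.
resign_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
    -keyout "$WORK/resigned.key" -out "$WORK/resigned.csr" >/dev/null 2>&1 &&
  openssl x509 -req -days 1 -in "$WORK/resigned.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/resigned.crt" >/dev/null 2>&1
}

build_all() { make_origin_cert && make_inspection_ca && resign_cert; }

# A client that has the inspection CA in its trust store: chain validates.
client_trusting_ca_accepts() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/resigned.crt" >/dev/null 2>&1
}

# A client whose trust store lacks the inspection CA (here it holds only the
# origin certificate): chain validation fails.
client_without_ca_accepts() {
  openssl verify -CAfile "$WORK/origin.crt" "$WORK/resigned.crt" >/dev/null 2>&1
}

# SPKI pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo, the value
# pinning applications compare against their built-in list.
spki_pin() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl base64
}

demo() {
  build_all || { echo "certificate generation failed"; return 1; }
  if client_trusting_ca_accepts; then
    echo "client with inspection CA installed: accepts re-signed cert"
  fi
  if client_without_ca_accepts; then
    echo "unexpected: client without inspection CA accepted re-signed cert"
  else
    echo "client without inspection CA: rejects re-signed cert"
  fi
  echo "origin SPKI pin:    $(spki_pin "$WORK/origin.crt")"
  echo "re-signed SPKI pin: $(spki_pin "$WORK/resigned.crt")"
  echo "(a pinning client compares these and fails on the mismatch)"
}

demo
```

The second verify is the whole deployment problem in one line: every managed client needs the inspection CA pushed into its trust store, and unmanaged devices, BYOD, and anything that pins keys will see the mismatch no matter what you push.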