
Firepower SSL Decryption bypass of specific websites

jheesen123
Level 1

Hi All,

 

I have a customer deploying ASAs with Firepower 6.2. We are performing SSL decrypt features, and if you’ve worked with these technologies and encryption you will know that sometimes a website must be bypassed, for a variety of reasons. With Firepower you may not use a customer URL in the SSL decryption policy for bypass, meaning if you are having issues with a website because of SSL decrypt you cannot isolate that URL via DNS name resolution. The only way I know to resolve this issue is via IP address or trusting bulk categories (assuming you have a URL license). This makes the solution almost unworkable in most situations. We all know website IPs don’t stay static in many circumstances. The Cisco solution is very poor for the use of SSL decrypt in a production network. Support is not very good on this product for issues outside of basic configurations either, which is too bad because it’s a good product.
