Hello ,I have configured FMC 6.2 with the Sensor 5525 ,configured SSL decryption ,when I access to https site i see my local certificate in my browser also can see it on logs that it was decrypted and resigned ! I want to allow facebook application but block facebook like or chat ,is that technically possible ? I cant find any documentation for that case !I will appreciate if anybody helps !
Hi Claudiu ,
I have still issue on it ,although it shows in events that it is blocked it doesn't work ,i think it never works on Firepower or PaloAlto ,it is only possible to do it on Checkpoint :/ ,I am facing with another problem ,for example I have a department for Finance ,Youtube has been blocked ,one of user can access to it another one is not ? is it bug or something again ?
It seems that not all the facebook traffic is being decrypted and if the traffic is encrypted the firepower can't tell which microapp it is. If you specify an application that uses ssl in the decrypt policy it will never be decrypted.
Also there a couple of bugs opened for firepower recognizing facebook microapplications, for instance: CSCvh91548