03-23-2019 04:19 AM
Hi,
We have Cisco Firepower 7000 series boxes running 6.2.3 installed in transparent mode in our customer network managed by FMC.
The customer has some GRE tunnel traffic passing through FP, which is being decapsulated/decrypted.
The customer has requested us to stop decapsulation/decryption of GRE in FP, and allow the traffic to bypass inspection.
As far as I know, there is no way to add pre-filters for FP 7000 series, so what is the alternative to achieve the same?
Regards,
03-23-2019 04:56 AM - edited 03-23-2019 04:59 AM
Hi,
Try creating a trust rule with source/destination (inner header) for the GRE tunneled traffic.
Hope this helps
Abheesh
03-23-2019 08:36 AM
Hi,
Thanks for the reply,
But the requirement is to stop decryption of GRE traffic, rather than bypassing inspection of GRE inner header traffic.
Regards,
03-26-2019 12:46 AM