FTD: SSL Error accessing management page from internal interface.
I just installed a new FTD in Azure (standalone, not managed by FMC), running 6.7.0-65.
I so far we have done no config, just set set a single static route to access our VNET and enabled management over the inside data interface. Getting a ERR_SSL_VERSION_OR_CIPHER_MISMATCH error accessing over the Inside Interface IP address, but works fine via the Management Interface.
I did a packet inspection with Wireshark and can see that via Management Int TLS 1.2 is negotiated, but over the Inside Interface it tries and fails to negotiate TLS 1.0 (which I assume Cisco has disabled for security reasons). I have no idea why 1.0 is being attempted, I even tried disabling it on my browser, but get the same result.
Again, all other settings on the FTDv are set at default for version 6.7. Taking a guess that maybe some kind of SSL inspection might be causing the issue, but haven't found what I need to disable, or what rule I need to create to allow (assuming that is even the issue).
Learn about the rapidly evolving cyberthreat landscape and how both organizations and users can protect themselves as we transition to a forever hybrid world through a conversation with Cisco Talos Security Research Leader for Europe, Middle East, Africa,...
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...