Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
5
Helpful
3
Replies

How HTTPS scanning works in cisco asa

contactvatsalshah
Level 1
Level 1

‎01-02-2017 02:55 AM - edited ‎03-12-2019 01:43 AM

Hello,

Very eager to know about how HTTPS works on CISCO ASA with firepower subscription?

can anyone please tell me how cisco asa scan HTTPS packets and block web categories applied by admin? Does it use certificate or something else?


Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎01-02-2017 03:07 AM

FirePower gets a certificate that has to be trusted by your clients or come from an internal trusted CA.

When the client connects to a HTTPS-ressource (can also be other services that work with TLS), then FP issues a new certificate on the fly with the subject of the destination server. With that it makes itself a Man-in-the-middle and can inspect the data.

In general, it's the same as probably all HTTP-inspecting gateways work.

contactvatsalshah
Level 1
Level 1
In response to Karsten Iwen

‎01-02-2017 04:06 AM

Thanks for clearing my doubts. 

Is there any document for details description of HTTPS inspecting about Cisco firepower?

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card