Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6057
Views
0
Helpful
1
Replies

How to configure HTTPS inspection on ASA

Go to solution
AboudMokh
Community Member

‎01-14-2015 03:33 AM - edited ‎03-11-2019 10:20 PM

I need to know how to configure HTTPS inspection on ASA ?

All i can find is http inspection and it seems that I can't add 'inspect https' command ? so what i can do ?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎01-14-2015 03:59 AM

There is no HTTPS-inspection on the ASA itself. It can be done with the help of the ASA-CX-module or in the future with the FirePOWER module.

Until then, or if you don't want to spend extra money on the module-licenses, you can do the following if you are talking about inbound HTTPS to your own server:

  1. Place a reverse-proxy (like nginx) in a DMZ on your ASA
  2. Terminate the incoming HTTPS-session on the reverse-proxy and forward it as HTTP to a server on a different ASA-interface.
  3. Both on the reverse-proxy and on the ASA you now can use HTTP-inspections.

If you have outbound HTTPS, then you could install a proxy-server that can inspect HTTPS-traffic. A Cisco solution for that would be the Web security Appliance WSA.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎01-14-2015 03:59 AM

There is no HTTPS-inspection on the ASA itself. It can be done with the help of the ASA-CX-module or in the future with the FirePOWER module.

Until then, or if you don't want to spend extra money on the module-licenses, you can do the following if you are talking about inbound HTTPS to your own server:

  1. Place a reverse-proxy (like nginx) in a DMZ on your ASA
  2. Terminate the incoming HTTPS-session on the reverse-proxy and forward it as HTTP to a server on a different ASA-interface.
  3. Both on the reverse-proxy and on the ASA you now can use HTTP-inspections.

If you have outbound HTTPS, then you could install a proxy-server that can inspect HTTPS-traffic. A Cisco solution for that would be the Web security Appliance WSA.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card