
How to verify SSL decryption in FirePOWER?

Sithulwin
Level 1

Hi Guys,

I am trying to inspect incoming SSL traffic in my FirePOWER as I have an internal SSL web server.

The cert and key are already imported through PKI object management, and the SSL policy is already created too. However, I am a bit lost as to how to verify whether my SSL policy for incoming SSL traffic is working properly or not.

Could you tell me where and how to verify it? Thanks much.

With Love,

Si Thu

3 Replies

yogdhanu
Cisco Employee

Hi

You can check the connection events. Enable the SSL filters in the SSL policy to see which SSL rule the traffic is hitting and if it's being encrypted or not.

Navigate to Analysis > Connection Events > Table View of Connection Events.

Click on any field's cross sign and enable the SSL-related fields as shown in the screenshot.

Then you can either filter events based on connection events or see the traffic as it hits that.

Rate if helps.

Yogesh

Hi Yogdhanu,

Thanks much for your guide. 

As for inspecting incoming SSL traffic for the internal SSL web server, I have created an internal cert (for the web server) under PKI object management, and created an SSL policy for inbound traffic as in the screenshot. Note: I am not going to decrypt outbound SSL traffic.

Could you please advise on whether my SSL is correct, particularly for incoming SSL traffic? Many thanks.

With Love,

Si Thu

Hi,

Yes, those are the correct settings for only internal web server traffic.

Thanks,

Ankita
