How to verify SSL decryption in FirePOWER?

Sithulwin · ‎07-15-2016

Hi Guys,

I am trying to inspect incoming SSL traffic in my FirePOWER as I have internal SSL web server.

Cert and Key are already imported through PKI object management and SSL policy is already created too. However, I am here a bit lost my way to find out the verification where my SSL policy to incoming SSL traffic is working properly or not.

Could you here tell me where and how to verify it? Thanks much.

With Love,

Si Thu

yogdhanu · ‎07-17-2016

Hi

You can check the connection events. Enable the SSL filters in SSL policy to see which ssl rule the traffic is hitting and if its being encrypted or no.

Navigate to analysis> connection events>tables view of connection events.

Click on any filed cross sign and enable the SSl related fields as shows in screenshot.

Then you can either filter events based on connection events or see the traffic as it hits that.

Rate if helps.

Yogesh

Sithulwin · ‎07-17-2016

Hi Yogdhanu,

Thanks much for your guide.

As for inspecting incoming SSL traffic for internal SSL web server, I have created internal cert (for web server) under PKI object management. And created SSL policy for inbound traffic as the screenshot. Not: I am not going to decrypt to outbound SSL traffic.

Could you please advise on my SSL whether it is correct particularly for incoming SSL traffic. Many thanks.

With Love,

Si Thu

ankojha · ‎07-18-2016

Hi,

yes, that is correct settings for only internal web server traffic.

Thanks,

Ankita