09-09-2021 01:30 AM
Hello everyone,
Can anyone tell me if ASA 5515 supports HTTPS URL filtering?
I am using
ASDM 6.6
ASA version: 9.1
Though i have read this "ASA cannot do deep packet inspection or inspection based on regular expression for HTTPS traffic, because in HTTPS, content of packet is encrypted (SSL)" from a doc which is 2008 published.
But wondering since this is already 2021 if ASA 5515 can do now..
Thanks.
Shrijan
Solved! Go to Solution.
09-09-2021 02:09 AM
@shrijan ,
Unfortunately no, You need ASA Firepower module to decrypt SSL traffic, or FTD code image.
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepower-services/200577-Configure-the-SSL-decryption-on-FirePOWE.html
--
Don't forget to rate helpful posts.
09-09-2021 02:50 AM
Looks the your model can not support here, but new NGFW can offer this features.
09-09-2021 02:57 AM
just to add what other mentioned for this to work you need a cisco next gen IPS also know as secure firewall. now the ASA physical hardware is gone EOL (End Of Life). your best bet is looking the Secure Firewall 1001 as entry model.
now for these model either you can managed them as stand alone or with FMC appliance.
The new model Secure Firewall 1001 to all the way to big boys provide you IPS with URL/MALWARE/IPS protection which as based on yearly subscription with smart license.
Cisco Secure Firewall At-a-Glance - Cisco
09-09-2021 02:09 AM
@shrijan ,
Unfortunately no, You need ASA Firepower module to decrypt SSL traffic, or FTD code image.
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepower-services/200577-Configure-the-SSL-decryption-on-FirePOWE.html
--
Don't forget to rate helpful posts.
09-09-2021 02:50 AM
Looks the your model can not support here, but new NGFW can offer this features.
09-09-2021 02:57 AM
just to add what other mentioned for this to work you need a cisco next gen IPS also know as secure firewall. now the ASA physical hardware is gone EOL (End Of Life). your best bet is looking the Secure Firewall 1001 as entry model.
now for these model either you can managed them as stand alone or with FMC appliance.
The new model Secure Firewall 1001 to all the way to big boys provide you IPS with URL/MALWARE/IPS protection which as based on yearly subscription with smart license.
Cisco Secure Firewall At-a-Glance - Cisco
09-09-2021 05:06 AM
Thank You ALL For the advice.
Shrijan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide