cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1829
Views
0
Helpful
4
Replies

If ASA 5515 supports HTTPS URL filtering

shrijan
Level 1
Level 1


Hello everyone,

 

Can anyone tell me if ASA 5515 supports HTTPS URL filtering?

 

I am using 

ASDM 6.6
ASA version: 9.1

 

Though i have read this "ASA cannot do deep packet inspection or inspection based on regular expression for HTTPS traffic, because in HTTPS, content of packet is encrypted (SSL)" from a doc which is 2008 published.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100535-asa-8x-regex-config.html

 

But wondering since this is already 2021 if ASA 5515 can do now..

 

Thanks.

Shrijan

3 Accepted Solutions

Accepted Solutions

Amine ZAKARIA
Spotlight
Spotlight

@shrijan ,

 

Unfortunately no, You need ASA Firepower module to decrypt SSL traffic, or FTD code image.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepower-services/200577-Configure-the-SSL-decryption-on-FirePOWE.html

--

Don't forget to rate helpful posts.

View solution in original post

balaji.bandi
Hall of Fame
Hall of Fame

Looks the your model can not support here, but new NGFW can offer this features.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

just to add what other mentioned for this to work you  need a cisco next gen IPS also know as secure firewall. now the ASA physical hardware is gone EOL (End Of Life). your best bet is looking the Secure Firewall 1001 as entry model.

 

now for these model either you can managed them as stand alone or with FMC appliance. 

 

The new model Secure Firewall 1001 to all the way to big boys provide you IPS with URL/MALWARE/IPS protection which as based on yearly subscription with smart license.  

 

Cisco Secure Firewall At-a-Glance - Cisco

Cisco Secure Firewall - Cisco

please do not forget to rate.

View solution in original post

4 Replies 4

Amine ZAKARIA
Spotlight
Spotlight

@shrijan ,

 

Unfortunately no, You need ASA Firepower module to decrypt SSL traffic, or FTD code image.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepower-services/200577-Configure-the-SSL-decryption-on-FirePOWE.html

--

Don't forget to rate helpful posts.

balaji.bandi
Hall of Fame
Hall of Fame

Looks the your model can not support here, but new NGFW can offer this features.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

just to add what other mentioned for this to work you  need a cisco next gen IPS also know as secure firewall. now the ASA physical hardware is gone EOL (End Of Life). your best bet is looking the Secure Firewall 1001 as entry model.

 

now for these model either you can managed them as stand alone or with FMC appliance. 

 

The new model Secure Firewall 1001 to all the way to big boys provide you IPS with URL/MALWARE/IPS protection which as based on yearly subscription with smart license.  

 

Cisco Secure Firewall At-a-Glance - Cisco

Cisco Secure Firewall - Cisco

please do not forget to rate.

shrijan
Level 1
Level 1

Thank You ALL For the advice.

 

Shrijan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: