Only authorize HTTP and HTTPS traffic even on non standard ports

Elbrabra (Level 1)

Hello,

We have an ASA with Cisco Firepower and I want to create a rule to only authorize HTTP and HTTPS traffic (without decrypting HTTPS traffic) regardless of the port used (standard or not).

I know the ASA can inspect HTTP traffic on non-standard ports without using the Firepower module, but for HTTPS it's not supported directly on the ASA; Firepower must be used.

So this is the rule I want to create for that need:

SOURCE: Network A  DESTINATION: Network B  Service: HTTP (any port) or HTTPS (any port)  Action: Allow

SOURCE: Any  DESTINATION: Any  Service: Any  Action: Deny

Do you know if this kind of implementation is possible with Firepower rules?

Thanks for your help,

Regards

1 Reply

nspasov (Cisco Employee)

Yes, you can use the Application tab in your Access Control Policy and search for "HTTP" and "HTTPS" under "Available Applications." Firepower will detect those applications without the need for TLS decryption/inspection.

I hope this helps!

Thank you for rating helpful posts!
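The following is an added illustration, not Cisco's code and not how Firepower's own application detectors are implemented. It shows why an application-based rule matches HTTP and HTTPS on any port while a port-based rule does not, and why it does so without decrypting TLS: HTTPS is recognised from the unencrypted TLS ClientHello framing, HTTP from its request line. The two policies mirror the rules in the question; the detectors are deliberately simplified and the sample flows are constructed, not captured traffic.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Request-line prefixes a plain-text HTTP client sends first.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


@dataclass(frozen=True)
class Flow:
    src_net: str          # e.g. "Network A" (names taken from the question)
    dst_net: str
    dst_port: int
    first_bytes: bytes    # first client-to-server bytes of the connection


def detect_app(first_bytes: bytes) -> str:
    """Classify a flow as HTTP, HTTPS or unknown from its opening bytes.

    HTTPS is recognised from the TLS ClientHello record header alone:
    content type 0x16 (handshake), record version 0x03xx, and handshake
    type 0x01 (ClientHello) at offset 5. Nothing is decrypted; only the
    cleartext handshake framing is inspected. HTTP is recognised from a
    request line such as 'GET /path HTTP/1.1'. (Simplified detectors.)
    """
    if first_bytes.startswith(HTTP_METHODS) and b" HTTP/1." in first_bytes[:128]:
        return "HTTP"
    if (len(first_bytes) >= 6
            and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03
            and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return "HTTPS"
    return "unknown"


@dataclass(frozen=True)
class Rule:
    src: str                         # network name or "any"
    dst: str
    apps: Optional[FrozenSet[str]]   # application names, None = any application
    ports: Optional[FrozenSet[int]]  # destination ports, None = any port
    action: str                      # "allow" or "deny"


def evaluate(policy: List[Rule], flow: Flow) -> str:
    """First-match evaluation; a flow matching no rule is denied."""
    app = detect_app(flow.first_bytes)
    for rule in policy:
        if rule.src not in ("any", flow.src_net):
            continue
        if rule.dst not in ("any", flow.dst_net):
            continue
        if rule.apps is not None and app not in rule.apps:
            continue
        if rule.ports is not None and flow.dst_port not in rule.ports:
            continue
        return rule.action
    return "deny"


# The two rules from the question, expressed as application matches.
APP_POLICY = [
    Rule("Network A", "Network B", frozenset({"HTTP", "HTTPS"}), None, "allow"),
    Rule("any", "any", None, None, "deny"),
]

# The same intent expressed the traditional way, by destination port.
PORT_POLICY = [
    Rule("Network A", "Network B", None, frozenset({80, 443}), "allow"),
    Rule("any", "any", None, None, "deny"),
]

# Constructed sample flows (not captured traffic).
FLOW_HTTP_8080 = Flow("Network A", "Network B", 8080,
                      b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
FLOW_TLS_8443 = Flow("Network A", "Network B", 8443,
                     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32)
FLOW_SSH_443 = Flow("Network A", "Network B", 443, b"SSH-2.0-OpenSSH_9.6\r\n")
FLOW_HTTP_OTHER_SRC = Flow("Network C", "Network B", 80,
                           b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


def compare(flow: Flow) -> dict:
    """Verdict of each policy for one flow, for side-by-side review."""
    return {"app": detect_app(flow.first_bytes),
            "app_policy": evaluate(APP_POLICY, flow),
            "port_policy": evaluate(PORT_POLICY, flow)}


if __name__ == "__main__":
    for name, flow in [("HTTP on 8080", FLOW_HTTP_8080), ("TLS on 8443", FLOW_TLS_8443),
                       ("SSH on 443", FLOW_SSH_443), ("HTTP from Network C", FLOW_HTTP_OTHER_SRC)]:
        print(f"{name:22s} {compare(flow)}")
```

Running it shows the difference the question is asking about: HTTP on 8080 and TLS on 8443 are allowed by the application policy and denied by the port policy, while SSH on 443 is allowed by the port policy but denied by the application policy, since it is neither HTTP nor HTTPS. That last case is the extra benefit of matching on application rather than port. One caveat that carries over to the real product: any detector of this kind has to see the start of the connection before it can classify it, so the verdict is made on the flow, not on the first packet in isolation.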
