09-03-2021 08:23 AM
I am using version 6.0 on a physical 1600 FMC. We have configured a proxy in order to download updates from FMC and things like this. In-house we also have the Smart Software Manager Satellite for licenses.
From FMC we are able to download updates, but we can't reach the Satellite from the FMC after pasting the token generated from Satellite. My worry is that exceptions have to be configured on FMC, but it has no options for that; it looks like a limitation.
Does anyone know if exceptions can be configured, if they are needed at all, or any idea?
Thanks
Davide
09-03-2021 10:44 PM
Unfortunately, there is no possibility to configure an exceptions list while using a proxy on Firepower. There is an enhancement request filed as CSCva74145, which is still open.
What stops you from permitting Satellite communication over the proxy? If you are using TLS, just create a TLS decryption exception (otherwise you would need to think of a way for FMC to trust your TLS-decryption certificate). You could also try communicating over plain HTTP.
BR,
Milos
09-04-2021 05:25 AM
Hi Milos,
Thanks for the ideas. I tried configuring a "Do not decrypt" policy by clicking on the SSL tab under the Access Control tab, but I am still not able to reach the Satellite. Why would a TLS decryption exception policy need to be configured?
Satellite and FMC both refer to the same PKI we have in-house.
Thanks
Davide
09-04-2021 01:05 PM
No, not on FMC/FTD. What I meant is that you should configure the proxy on FMC (like you need to), but then configure an exception on the proxy: when traffic is coming from FMC, bypass it from TLS decryption on the proxy and/or permit it towards Satellite (and the Internet, in order to download updates).
BR,
Milos
09-04-2021 12:02 AM