SSL decryption exception fail

Otvforte
Level 1

I'm working on creating an SSL decryption policy, but I'm running into an issue where the "no decryption" rule is failing to prevent decryption.

Interestingly, if I configure the "no decryption" rule using a subnet address, it works as expected. However, when I use a URL in the rule, it doesn't seem to have any effect.

Am I missing something here? These same rules used to work fine in version 7.4.2, but they no longer work in 7.6.2.

Any insights would be appreciated.

Regards

rules.jpg

3 Replies

The key here I think is TLS 1.2 vs TLS 1.3.

MHM

Otvforte
Level 1

I would agree that it could be a problem, the firewall not being able to look at the certificate and match the URL, but it was working prior to the upgrade to 7.6.2, so maybe it is another sort of problem. I'll reset the firewall and try again with the previous version.

There is an option to select TLS 1.3 in the SSL policy and TLS 1.3 decryption.

Before downgrading, check these options.

Also, you can capture traffic on the FTD interface and check the TLS version used.

MHM
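As an added example (not from this thread or from Cisco's software), the following Python parser pulls the SNI and the supported_versions extension out of a captured TLS ClientHello, which is the quick way to tell from a capture whether a client is offering TLS 1.3. This matters for the URL-based "do not decrypt" rule because in TLS 1.3 the server certificate is sent encrypted, so the SNI is the only hostname the firewall sees in the clear; the sample ClientHello is constructed inline and `example.com` is a placeholder.

```python
import struct

SERVER_NAME, SUPPORTED_VERSIONS, TLS13 = 0x0000, 0x002B, 0x0304

def parse_client_hello(record: bytes) -> dict:
    """Return SNI and offered TLS versions from a TLS record holding a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not body or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs = body[4:4 + int.from_bytes(body[1:4], "big")]
    info = {"sni": None, "legacy_version": struct.unpack("!H", hs[:2])[0],
            "supported_versions": []}
    pos = 2 + 32                                   # legacy_version + random
    pos += 1 + hs[pos]                             # legacy_session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                             # compression_methods
    if pos >= len(hs):                             # no extensions at all
        return info
    end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        data = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == SERVER_NAME:                   # list_len(2) type(1) len(2) name
            info["sni"] = data[5:5 + struct.unpack("!H", data[3:5])[0]].decode("ascii")
        elif etype == SUPPORTED_VERSIONS:          # client form: len(1) + 2-byte versions
            info["supported_versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                                          for i in range(1, 1 + data[0], 2)]
    return info

def offers_tls13(info: dict) -> bool:
    """TLS 1.3 clients advertise 0x0304 in supported_versions; legacy_version stays 0x0303."""
    return TLS13 in info["supported_versions"]

def build_client_hello(sni: str, versions) -> bytes:
    """Constructed sample ClientHello (one cipher suite, SNI + supported_versions only)."""
    host = sni.encode("ascii")
    sni_ext = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    sv = b"".join(struct.pack("!H", v) for v in versions)
    exts = (struct.pack("!HH", SERVER_NAME, len(sni_ext)) + sni_ext
            + struct.pack("!HH", SUPPORTED_VERSIONS, len(sv) + 1) + bytes([len(sv)]) + sv)
    hello = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", 2)
             + b"\x13\x01" + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Feed `parse_client_hello` the first TLS record of a client-to-server flow from the FTD capture; `offers_tls13(parse_client_hello(build_client_hello("example.com", [TLS13, 0x0303])))` returns True for the constructed sample.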
