12-30-2019 09:08 AM - edited 02-21-2020 09:48 AM
I found out recently my FMC's (6.4.0.4) URL filter was not catching HTTPS traffic (my bad), so I started researching how to do this. I have downloaded the cert from my CA and I was about to install it and set up the SSL policy. Before I do this, can I get some advantages (obvious) and disadvantages (performance?) to doing this? I know it looks pretty obvious, but I wanted to know if I am missing something in my planning. I guess one of my major fears/concerns would be blocking a good site either internally or externally accessed. We have about 500 desktops, and if I am going to wreck their days I want to know ahead of time.
Thanks
12-30-2019 09:19 AM
Hi,
The advantage of using SSL decryption is being able to determine what sites are being accessed and deny access - this could be malicious traffic, which you'd want to block. You are correct, enabling SSL decryption would have an impact on performance.
What hardware are you using?
And what is the bandwidth of your internet connection?
12-30-2019 09:23 AM
ASA 5515x's with two 100mb shared connections
12-30-2019 09:46 AM
The screenshot below is from the Firepower Performance Estimator, set at 100Mb bandwidth with only the Base and SSL Decryption features enabled. The output indicates the performance of the different ASA models, except the 5515X, so I cannot estimate what the impact will be.