SSL Policy decrypt with known Key is not working With Cloudflare
01-14-2024 11:10 PM
We have a web server behind Firepower in the DMZ, and we've implemented an SSL policy for decrypting traffic with a known key.
In our domain name (forexample.com), we've directed traffic to Cloudflare Proxy. Within Cloudflare, the traffic is then forwarded to the public IP of the web server. Additionally, on our Firepower, we've configured access to the web server to only allow traffic from Cloudflare's IP ranges to the web server on HTTP and HTTPS, and it works fine; users can access it on both protocols.
The only issue is that on Firepower we are unable to see any HTTPS traffic from Cloudflare ranges to the web server.
01-15-2024 02:51 PM
The only reason in my mind is that you use FastPath, or an ACP rule with action Trust, for traffic direct to the server; hence the HTTPS traffic doesn't get decrypted and inspected.
MHM
