Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
1
Replies

SSL Policy question

Lee Dress
Level 1
Level 1

‎01-20-2017 12:09 PM - edited ‎03-12-2019 06:15 AM

I have a Firepower virtual management server that is managing about 12 devices.

(2-5516s, 2-5508s, and the rest 5506s)

I'd like to have an SSL policy so i can inspect https traffic, but I'm not sure if this is going to degrade system performance too much.

since I'm using firepower manager, is the SSL work offloaded to it?

I have plenty of room on my virtual environment to give the server all the CPU and memory it would ever want.

Labels:
0 Helpful
1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

‎01-20-2017 03:47 PM

I would not recommend doing SSL decryption with the ASA Firepower devices as this reduces the performance by 30-40% at a minimum. The ASA hardware was not built for such heavy processing - especially lower end models. You should really look at doing SSL decryption on a separate box capable of handling the traffic processing. And no, SSL is not offloaded to the FMC for decryption.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card