
SSL Policy

adamgibs7
Level 6

Dears,

 

I am creating an SSL policy and I'm not understanding the concept of the application column and port column inside the rule. The rule is made of zone, network, application, users, category, port, etc.

As far as I know, 443 is SSL encrypted traffic. Apart from 443, can there be other encrypted traffic working on a different port? I want to understand: if an application creator is building an application on a port, for example 1234, does he have the ability to use encryption on that application for the specific port he chooses?

 

thanks

3 Replies

yogdhanu
Cisco Employee

Hi

 

Yes, there can be SSL traffic on ports other than 443.

The application field is for applying the rule to a specific application identified by Firepower before the decryption is done. Port, Application and other factors are available to make the rule as specific as it can be.

All of the matching is an AND operation, meaning all the criteria defined in the rule should match the packet for the rule to hit.

 

Hope it helps,

Yogesh
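A simplified model of the matching described in the reply above, as an added example that is not part of the original thread and is not Firepower's own logic: TLS is recognised from the first bytes of the stream rather than from the port, and a rule hits only when every condition it sets matches. The rule name, zone and application labels, the first-match ordering and the `Do not decrypt` default are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

def is_tls_client_hello(data: bytes) -> bool:
    """True if a stream's first bytes are a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    rec_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Record type 22 = handshake, version 3.x, handshake message type 1 = ClientHello.
    return rec_type == 22 and major == 3 and minor <= 4 and 0 < length <= 16384 and data[5] == 1

@dataclass(frozen=True)
class Flow:
    zone: str
    port: int
    application: str      # label assumed to be assigned by the firewall before decryption
    first_bytes: bytes

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    zone: Optional[str] = None         # None = condition left empty, matches anything
    port: Optional[int] = None
    application: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        # Every condition that is set must match: logical AND across the columns.
        pairs = ((self.zone, flow.zone), (self.port, flow.port), (self.application, flow.application))
        return all(want is None or want == got for want, got in pairs)

def evaluate(rules, flow, default_action="Do not decrypt"):
    """Return the action of the first matching rule, else the default action."""
    if not is_tls_client_hello(flow.first_bytes):
        return "Not TLS"               # nothing for an SSL rule to act on
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default_action

# Constructed sample data: start of a ClientHello record and a plaintext HTTP request.
HELLO = bytes.fromhex("160301002f0100002b0303")
HTTP = b"GET / HTTP/1.1\r\n"
RULES = [Rule("decrypt-custom-app", "Decrypt", zone="inside", port=1234, application="custom-app")]
if __name__ == "__main__":
    for port, app, data in ((1234, "custom-app", HELLO), (443, "custom-app", HELLO),
                            (1234, "other-app", HELLO), (443, "web", HTTP)):
        print(port, app, evaluate(RULES, Flow("inside", port, app, data)))
```

The second and third sample flows are TLS but miss one condition each (port, then application), so they fall through to the default action.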

 

Dear Yogdhanu,

Thanks for the reply, so you are confirming to me that SSL traffic (which I understand means encrypted traffic) can be on another port (if it is used on private networks I can use private port number ranges which cannot be used on the internet).

 

The application field is for applying the rule to a specific application identified by Firepower before the decryption is done. Port, Application and other factors are available to make the rule as specific as it can be.

 

When the rule is matched the traffic is decrypted; otherwise the default action is Do not decrypt.

Please correct me if I am wrong.

 

Thanks

Dears,

Can anybody shed some light on the below discussion?

Thanks
