2116 Views | 0 Helpful | 4 Replies

SSL Traffic Capture on FTD

Fantas (Level 1)

Hi,

 

We have an internal client talking to the outside, but I can't see any traffic on the FTD. It looks like its communication is not reaching that level and breaks at the SSL handshake. The server guy confirmed to me that the SSL handshake is not completing.

Can I capture the SSL handshake traffic on the FTD to see if SSL is the problem for this communication?

4 Replies

balaji.bandi (Hall of Fame)

Hope you are not looking to decrypt the SSL, but as per the post, you are looking at the simple end-to-end TCP handshake to prove the packet is coming in to the FTD and leaving to the destination.

The troubleshooting document below proves and explains this when you enable capture. Hope you do not have any other uplink-side device which does NAT or anything of that sort?

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html

BB

***** Rate All Helpful Responses *****


Hi,

You can capture SSL traffic and look at the handshake (basically the client hello and server hello are the handshake messages). A failure in the handshake will generate a reset by the other party. These hellos can be seen without decrypting.

***** please remember to rate useful posts

Thanks,

 

Yes, I want to look at the handshake level only, without decrypting the SSL traffic.

What CLI should I use to get this info on the FTD CLI?

 

Hi,

You can go to the system support diag command and use capture #name# #if-name# .... etc. to capture the traffic on the outside interface. Then export it as a pcap file. Or you can generate the capture from FMC or FDM. Just look up the steps online.


**** please remember to rate useful posts
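Once the capture has been exported as a pcap, the point made in the replies above (the ClientHello and ServerHello are visible without decryption, and a failed handshake shows up as a reset or alert from the other side) can be checked mechanically. The script below is an added example, not code from the thread or from Cisco: it reads only TLS record and handshake headers from the TCP payloads of one flow and reports whether the hellos were exchanged, and the sample segments are constructed inline rather than taken from a real capture.

```python
import struct

HANDSHAKE, ALERT = 22, 21          # TLS record content types
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            14: "ServerHelloDone", 16: "ClientKeyExchange"}

def handshake_record(hs_type: int, body: bytes) -> bytes:
    """Build a TLS handshake record; used here only to construct sample captures."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def tls_records(payload: bytes) -> list[tuple[str, str]]:
    """Walk the TLS records in one TCP payload, reading headers only (no decryption)."""
    found, off = [], 0
    while off + 5 <= len(payload):
        ctype, _ver, length = struct.unpack("!BHH", payload[off:off + 5])
        body = payload[off + 5:off + 5 + length]
        if len(body) < length:                      # record continues in a later segment
            found.append(("truncated", f"{len(body)}/{length} bytes"))
            break
        if ctype == HANDSHAKE and body:
            found.append(("handshake", HS_NAMES.get(body[0], f"type {body[0]}")))
        elif ctype == ALERT and len(body) >= 2:
            found.append(("alert", f"level {body[0]} description {body[1]}"))
        else:
            found.append(("other", f"content type {ctype}"))
        off += 5 + length
    return found

def diagnose(segments: list[tuple[str, str, bytes]]) -> str:
    """segments: (direction, TCP flags, payload) in capture order, e.g. ("c>s", "PA", b"...")."""
    seen = []
    for direction, flags, data in segments:
        side = "client" if direction[0] == "c" else "server"
        if "R" in flags:                            # reset instead of a reply
            return f"reset from {side} after {seen or 'no TLS records'}"
        for kind, detail in tls_records(data):
            if kind == "handshake":
                seen.append(detail)
            elif kind == "alert":
                return f"TLS alert from {side} ({detail}) after {seen}"
    if "ClientHello" in seen and "ServerHello" in seen:
        return "hellos exchanged, handshake progressed past the server reply"
    if "ClientHello" in seen:
        return "ClientHello sent but no ServerHello or reset seen (check path, NAT, upstream device)"
    return "no TLS handshake records seen"

# Constructed sample flows (not real traffic): version field plus a 32-byte random
CLIENT_HELLO = handshake_record(1, b"\x03\x03" + b"\x00" * 32)
SERVER_HELLO = handshake_record(2, b"\x03\x03" + b"\x11" * 32)
BROKEN = [("c>s", "PA", CLIENT_HELLO), ("s>c", "R", b"")]
HEALTHY = [("c>s", "PA", CLIENT_HELLO), ("s>c", "PA", SERVER_HELLO)]
```

Feed it the per-segment payloads of the port 443 flow from your pcap (direction and flags from the TCP header); a capture that shows only the ClientHello with nothing coming back points at the path rather than at SSL itself.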