07-17-2015 05:19 AM - edited 03-11-2019 11:17 PM
Can ASA with FirePower services inspect SSL traffic, or do we need an SSL inspection appliance?
How can ASA force Application Control for SSL? Let's say, allow only reading of social networking while blocking upload/post, if it is not able to see inside SSL?
07-17-2015 08:10 AM
ASA cannot block HTTPS.
Firepower has an option of URL blocking that treats HTTP and HTTPS as equal.
You can go through it for more info:
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-App-URL-Reputation.html#pgfId-1537119
Regards,
Puneesh
Please rate the helpful posts
07-17-2015 08:35 AM
Hi,
Thank you for the answer.
But then I'll still have the usual issues when there is no SSL interception, like:
So, for that we need an SSL appliance?
07-17-2015 06:57 PM
Yes, you'd require web application firewalls for all those.
Regards,
Puneesh
Please rate the helpful posts
07-17-2015 10:23 PM
Hi,
Adding on to what Puneesh said, we can use DNS regex on the ASA device if the DNS queries are going through the ASA device, and then block the HTTPS websites as well, if only blocking is required and looking in the SSL header is not required.
Thanks and Regards,
Vibhor Amrodia
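The DNS-inspection approach described in the reply above, sketched as an ASA configuration. This is an added example, not part of the thread: the domain `example-social.test`, the regex name `BLOCKED_SOCIAL`, the class-map name `DomainBlockList` and the policy-map name `DNS_BLOCK_MAP` are placeholders, and it assumes the default `global_policy` with the `inspection_default` class is in use.

```cisco
! Placeholder domain pattern to match inside DNS queries
regex BLOCKED_SOCIAL "\.example-social\.test"

! Group one or more regexes into a block list
class-map type regex match-any DomainBlockList
 match regex BLOCKED_SOCIAL

! DNS inspection policy: drop and log queries for listed domains
policy-map type inspect dns DNS_BLOCK_MAP
 parameters
  message-length maximum 512
 match domain-name regex class DomainBlockList
  drop-connection log

! Attach the DNS inspection policy to the global inspection class
policy-map global_policy
 class inspection_default
  inspect dns DNS_BLOCK_MAP
```

This only drops matching DNS lookups that cross the ASA in cleartext; it blocks the whole site and cannot tell reading from posting inside the HTTPS session, and clients that already hold the IP address or resolve names by another path are unaffected.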