Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts with replies and give us your feedback.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
68627
Views
36
Helpful
35
Replies

Confirmation on HTTPS decryption

Go to solution
MICHAEL HORNE
Frequent Visitor
Frequent Visitor

‎11-03-2017 04:00 AM

Hello All,

Reading the documentation has led me to understand that the decryption of HTTPS traffic for Content filtering / inspection is not possible and and filtering on for HTTPS traffic will be based only on the host name only.

Can someone just confirm that SSL decryption is not possible?

Many thanks,

Michael

Labels:
35 Replies 35

Go to solution
Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star
In response to DHAnderson

‎07-23-2019 01:14 PM

>Fortinet firewalls have FPGAs or custom chips to do the heavy lifting in their SSL inspection.

@DHAnderson1 I think that is a great approach that Fortinet are using - if you think SSL inspection has any value.

0 Helpful

Go to solution
DHAnderson
Level 5
Level 5
In response to Philip D'Ath

‎08-15-2019 03:30 PM

@Philip D'Ath

When I had a client who had their own servers running an online grocery e-commerce service, they had Fortinet firewalls.

I am installing Meraki MX firewalls for my clients that are not running web servers.

Dave Anderson
0 Helpful

Go to solution
wrespawn
Community Member

‎12-06-2017 02:49 PM

Is this on all MXs (i.e MX84 and higher)? I've been considering and actively testing replacing our sonicwalls with Meraki devices. If none of the higher tier devices are able to filter SSL traffic this throws a big wrench into my plans.

0 Helpful

Go to solution
GreenMan
Cisco Employee
Cisco Employee
In response to wrespawn

‎12-08-2017 02:05 AM

Correct - SSL decryption is not currently supported on any of the MX models. Sorry this adversely affects your plans.
0 Helpful

Go to solution
ccnewmeraki
Level 2
Level 2
In response to GreenMan

‎02-21-2018 04:15 AM

Cisco have announced some interesting products that can detect malware in encrypted traffic without decrypting it:

https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption

The whitepaper says it's going to be in Cisco IOS XE 16.6 & it provides a list of models gaining the functionality:

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf

Are any of these features moving over to the Meraki MX series?

Go to solution
MRCUR
Level 9
Level 9
In response to ccnewmeraki

‎03-31-2018 05:12 PM

@ccnewmeraki I really, really hope the MX team is working on getting this capability into the MX line with AMP. It'd be nice if eventually we could get to a place where Cisco & Meraki can launch these new features in tandem between the traditional Cisco products and the Meraki line.

MRCUR | CMNO #12
Customers Also Viewed These Support Documents