SSL Decryption On FTD Explained with Simple Terminologies - Cisco Community

1388

Views

2

Helpful

0

Comments

On Cisco Firepower Threat Defense there are two ways to do SSL Decryption (two actions in the SSL Policy).

Decrypt-Resign: for outbound connection (from an inside PC to an external server).

Used for traffic to external servers
FTD splits the original session into two: client<--->FTDw<--->server
The original server certificate is modified and resigned by FTD

Decrypt-Known-Key: for inbound connection (from an external PC to your internal server).

Used for traffic coming to your internal servers
Server's Private Key is uploaded to FTD
FTD decrypts the client-server taffic on the fly

For both option, ,need to import the right certificates.

How and where?

On FMC:

Navigate to Object --> Object Management --> PKI

There are two options:

Internal CA

Internal CA's certifcate (or FTD as CA) and Keys
Needed for "Decrypt Resign"

Internal Certificate:

Your server's certificate and private key
Needed for "Decrypt Known Key"

SSL Dec.PNG

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Popular Articles

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)