FirePOWER SSL decryption only to display response page

Hi,
we are using firepower 6.2 on SFR module on Cisco ASA and Firesight management center.
We notice that when a user visits a URL denied by a policy, if the URL is in HTTPS the block response page is not displayed.
If the user tries to visit the same URL in HTTP, the response page is correctly displayed.
Based on the Cisco documentation, we probably need to configure the SSL policy and SSL inspection.
But the question is: is it possible to configure SSL inspection ONLY to display the block page? With Fortigate, for example, it is possible with the SSL inspection mode named "SSL certificate inspection", which inspects only the SSL/TLS handshake and performs MITM only if the Fortigate needs to display a block page to the user.
Thanks
Luca

Comments

  • I haven't done it but reading over the documentation the SSL Policy applies prior to the Access Control policy. This would in theory allow you to decrypt the categories you plan on blocking and then in the Access Control policy set the action to block (preferably with reset).

    Let us know if you get this working. I have the same issue with my deployment. Heck I may test it this weekend in the lab just to see if it works though to be honest I don't know if the SFR module would be able to handle the performance hit without impacting other traffic in my environment.
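The thread's underlying point, as an added example that is neither Cisco's code nor anything posted by the participants: with handshake-only inspection a firewall sees the Server Name Indication (SNI) in the TLS ClientHello, which is enough to match a URL category and reset the connection, but an HTML block page would have to be delivered inside the encrypted session, which only a decrypt-resign (MITM) policy can produce. The script below builds a constructed ClientHello, parses the SNI out of it, and applies a toy policy decision; the host names, category table and the `policy_action` return values are assumptions for illustration, not Firepower or FortiGate internals.

```python
"""
Added example: what a firewall can do for an HTTPS connection when it sees
only the TLS handshake (SNI) versus when the category is also decrypted.
"""
import os
import struct
from typing import Optional

SNI_EXT = 0x0000  # TLS extension type server_name (RFC 6066)


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying one SNI entry (constructed test input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", SNI_EXT, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + os.urandom(32)                             # client random
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"         # one cipher suite
        + b"\x01\x00"                                # one compression method: null
        + struct.pack("!H", len(ext)) + ext          # extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a TLS ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None                                # not a handshake record / not ClientHello
        pos = 9 + 2 + 32                               # record hdr(5) + hs hdr(4) + version + random
        pos += 1 + record[pos]                         # session_id
        pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + record[pos]                         # compression_methods
        ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            pos += 4
            if etype == SNI_EXT:
                # list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack("!H", record[pos + 3:pos + 5])[0]
                return record[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


# Hypothetical URL-category table standing in for a URL filtering lookup (constructed).
CATEGORY_OF = {
    "news.example": "news",
    "casino.example": "gambling",
    "mail.example": "webmail",
}


def policy_action(record: bytes, blocked: set, decrypted: set) -> str:
    """
    Decide what the firewall can do for one HTTPS connection given only its ClientHello.
      'unknown'    : no SNI, so the category cannot be determined without decryption
      'allow'      : category is not blocked
      'reset'      : blocked, but the session stays encrypted, so a TCP reset is all it can send
      'block_page' : blocked AND the category is in the decrypt-resign set, so an HTML
                     block page can be returned inside the re-signed session
    """
    sni = extract_sni(record)
    if sni is None:
        return "unknown"
    category = CATEGORY_OF.get(sni, "uncategorized")
    if category not in blocked:
        return "allow"
    return "block_page" if category in decrypted else "reset"


if __name__ == "__main__":
    hello = build_client_hello("casino.example")
    print("SNI:", extract_sni(hello))
    print("blocked, not decrypted:", policy_action(hello, {"gambling"}, set()))
    print("blocked and decrypted: ", policy_action(hello, {"gambling"}, {"gambling"}))
```

The decision mirrors the comment above: decrypting only the categories you intend to block keeps the MITM footprint (and the SFR performance cost) limited to those flows, while everything else is still matched on SNI and either allowed or reset.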
