SEC0228 - ASA Firepower 6.0 SSL Decryption (Part 2)

Difficulty Level: 5
This video walks you through configuring traffic decryption on Cisco ASA Firepower 6.0. We will look at decrypting both inbound and outbound traffic. Certificate generation and public and private key import will be shown. We will test the configuration using executable file inspection and compare the results when Firepower is configured with and without an SSL policy.

Part 2 of this video covers outbound traffic decryption.

Topics:
  • Inbound Traffic Decryption
    • Public and Private Key Import
    • Decrypt - Known Key
  • Outbound Traffic Decryption
    • OpenSSL CSR Generation
    • Certificate Signing
    • Decrypt-Resign
  • ASA Static Object NAT
  • File Policy
  • SSL Policy
  • Access Control Policy

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new Cisco technologies.

3 comments

Hi Metha, thanks for all these great videos. I am wondering how FireSight can know the HTTPS sessions are for finance without doing any decryption. Is that based on the public IPs? If that is the case, why does it require a URL Filtering license? If it is not based on the public IPs, does that mean FireSight did try to decrypt?
Thank you so much!

FMC does web category on an HTTPS session by referencing the URL in the common name of the certificate, since that's the only thing FMC can use pre-encryption.

Thanks a lot!
