View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0228 - ASA Firepower 6.0 SSL Decryption (Part 2)

SEC0228 - ASA Firepower 6.0 SSL Decryption (Part 2)

Rating: 
5
Average: 5 (2 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video walks you through configuration on Cisco ASA FirePower 6.0 for traffic decryption. We will look at decrypting traffic for both inbound and outbound. Any certificate generation, public and private key import will be shown. We will test our configuration using executable file inspection and compare the results when Firepower is configured with and without SSL policy.
 
Part 2 of this video covers outbound traffic decryption
 
Topic:
  • Inbound Traffic Decryption
    • Public and Private Key Import
    • Decrypt - Known Key
  • Outbound Traffic Decryption
    • OpenSSL CSR Generation
    • Certificate Signing
    • Decrypt-Resign
  • ASA Static Object NAT
  • File Policy
  • SSL Policy
  • Access Control Policy
Tag: 
asa
firepower
sourcefire
ngfw
decryption
openssl
csr
certificate
NAT
acl

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

4 comments

Submitted by qqxk on Sat, 05/06/2017 - 10:52

Hi Matha, thanks for all these great video. I am wondering how can FireSight know the HTTPS are for finance without doing any decryption? Is that based on the public IPs? If that is the case, why it requires URL Filtering license? If not based on the public IPs, that means FireSight did try to decrypt?
Thank you so much!

Submitted by admin on Sun, 05/07/2017 - 21:40

FMC does web category on https session by referencing URL in the common name of the certificate since that's the only thing FMC can use pre-encryption. 

Submitted by qqxk on Fri, 05/12/2017 - 12:51

thanks a lot!

Submitted by orkhan.r on Thu, 06/06/2019 - 22:20

Hello Admin,

Thank you again for your amazing and helpful tutorials. One thing interests me which is not documented properly is "Trusted CA Certificate" tab in SSL Policy. In docs i could find paragraph telling that it can be used for verifying server certificates. I am not using any one of them as selected in my SSL Policy and I would like to know what will be difference if I use them. It would be amazing if you can first clarify what is that and give extra example from practice.
Thanks in advance!

Poll

Vote for the Next Video Series