View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0228 - ASA Firepower 6.0 SSL Decryption (Part 2)

Average: 5 (2 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0228 - Video Download $14.00
Purchase SEC0228 - Video Download $14.00
The video walks you through configuration on Cisco ASA FirePower 6.0 for traffic decryption. We will look at decrypting traffic for both inbound and outbound. Any certificate generation, public and private key import will be shown. We will test our configuration using executable file inspection and compare the results when Firepower is configured with and without SSL policy.
Part 2 of this video covers outbound traffic decryption
  • Inbound Traffic Decryption
    • Public and Private Key Import
    • Decrypt - Known Key
  • Outbound Traffic Decryption
    • OpenSSL CSR Generation
    • Certificate Signing
    • Decrypt-Resign
  • ASA Static Object NAT
  • File Policy
  • SSL Policy
  • Access Control Policy

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.


Hi Matha, thanks for all these great video. I am wondering how can FireSight know the HTTPS are for finance without doing any decryption? Is that based on the public IPs? If that is the case, why it requires URL Filtering license? If not based on the public IPs, that means FireSight did try to decrypt?
Thank you so much!

FMC does web category on https session by referencing URL in the common name of the certificate since that's the only thing FMC can use pre-encryption. 

thanks a lot!

Hello Admin,

Thank you again for your amazing and helpful tutorials. One thing interests me which is not documented properly is "Trusted CA Certificate" tab in SSL Policy. In docs i could find paragraph telling that it can be used for verifying server certificates. I am not using any one of them as selected in my SSL Policy and I would like to know what will be difference if I use them. It would be amazing if you can first clarify what is that and give extra example from practice.
Thanks in advance!