Procedure
Before you begin
The SSL decryption rules table contains two sections:
-
Identity Policy Active Authentication Rules—If you enable the identity policy and create rules that use active authentication, the system automatically creates the SSL decryption rules needed to make those policies work. These rules are always evaluated before the SSL decryption rules you create yourself. You can alter these rules only indirectly, by making changes to the identity policy.
-
SSL Native Rules—These are rules that you have configured. You can add rules to this section only.
Procedure
Step 1 | In the left pane, click . |
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. |
Step 3 | Click the FTD tab and select the device you want to create the SSL policy. |
Step 4 | Click Policy in the Management pane at the right. |
Step 5 | Click SSL Decryption in the policy bar. |
Step 6 | If you have not yet enabled the policy, click Enable SSL Decryption and configure policy settings, as described in Enable the SSL Decryption Policy. |
Step 7 | Configure the default action for the policy. The safest choice is Do Not Decrypt. For more information, see Configure the Default SSL Decryption Action section of the Security Policies chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for the version your device is running. |
Step 8 | Manage the SSL decryption policy. After you configure SSL decryption settings, this page lists all rules in order. Rules are matched against traffic from top to bottom with the first match determining the action to apply. You can do the following from this page:
|
Step 9 | Continue to Enable the SSL Decryption Policy. |