

TLS/SSL Rules

TLS/SSL rules provide a granular method of handling encrypted traffic across multiple managed devices, whether blocking the traffic without further inspection, not decrypting the traffic and inspecting it with access control, or decrypting the traffic for access control.

Because TLS and SSL are often used interchangeably, we use the expression TLS/SSL to indicate that either protocol is being discussed. The SSL protocol has been deprecated by the IETF in favor of the more secure TLS protocol, so you can usually interpret TLS/SSL as referring to TLS only.

For more information about the SSL and TLS protocols, see a resource such as SSL vs.

Because the management center configuration option is Policies > Access Control > SSL, we use the term SSL policies although these policies are used to define rules for both TLS and SSL traffic.

TLS/SSL rules require processing overhead that can impact performance. Set up Decrypt - Resign or Decrypt - Known Key rules only if your managed device handles encrypted traffic.

The following topics provide an overview of creating, configuring, managing, and troubleshooting TLS/SSL rules:

TLS/SSL Rule Guidelines and Limitations
Guidelines for Using TLS/SSL Decryption
TLS/SSL Anonymous Cipher Suite Limitation
Requirements and Prerequisites for TLS/SSL Rules
Encrypted Traffic Inspection Configuration
Security Zone Conditions and Multitenancy
Server Certificate-Based TLS/SSL Rule Conditions
Distinguished Name (DN) Rule Conditions
Trusting External Certificate Authorities
Certificate Status TLS/SSL Rule Conditions
Encryption Protocol Version TLS/SSL Rule Conditions
Troubleshoot Unknown or Bad Certificates or Certificate Authorities

TLS/SSL Rule Guidelines and Limitations

Keep the following points in mind when setting up your TLS/SSL rules. Properly configuring TLS/SSL rules is a complex task, but one that is essential to building an effective deployment that handles encrypted traffic. Many factors influence how you configure rules, including certain application behavior that you cannot control. In addition, rules can preempt each other, require additional licenses, or contain invalid configurations. Properly configured rules can also reduce the resources required to process network traffic. Creating overly complex rules and ordering rules the wrong way can adversely affect performance.

For detailed information, see Best Practices for Access Control Rules.

For guidelines related specifically to TLS crypto acceleration, see TLS Crypto Acceleration.

This topic covers the following guidelines:

Guidelines for Using TLS/SSL Decryption
    TLS/SSL Rule Unsupported Features
    TLS/SSL Do Not Decrypt Guidelines
    TLS/SSL Decrypt - Resign Guidelines
    TLS/SSL Decrypt - Known Key Guidelines
    TLS/SSL Block Guidelines
    TLS/SSL Certificate Pinning Guidelines
    TLS/SSL Heartbeat Guidelines
    TLS/SSL Anonymous Cipher Suite Limitation
    TLS/SSL Normalizer Guidelines
    Other TLS/SSL Rule Guidelines
TLS/SSL Rule and Other Policy Warnings
SSL Rule Order
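The two guideline points above that bite most often in practice are that rules preempt each other (an earlier rule that is at least as broad as a later one means the later one never fires) and that rule order drives cost (a decrypt rule placed above a block rule means matching flows are decrypted instead of simply dropped). The following Python sketch is an added illustration of that first-match model, not code from the Cisco documentation or from the management center. The Flow and Rule types, the three conditions it models (server name from the ClientHello, protocol version, certificate status), the cheaper-actions-first ordering heuristic and the sample rule set are all assumptions made for the example; a real SSL policy has many more condition types and a configured default action.

```python
"""Toy model of an ordered TLS/SSL rule set in which the first matching rule wins.

Added example, not part of the Cisco documentation or product. The Flow and Rule
types, the conditions modelled and the sample rules are assumptions for illustration.
"""
from dataclasses import dataclass

ACTIONS = ("Block", "Do Not Decrypt", "Decrypt - Resign", "Decrypt - Known Key")


@dataclass(frozen=True)
class Flow:
    sni: str          # server name from the ClientHello
    version: str      # protocol version, e.g. "TLSv1.2"
    cert_status: str  # e.g. "valid", "self-signed", "expired"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    sni_suffixes: tuple = ()   # () means any server name
    versions: tuple = ()       # () means any protocol version
    cert_statuses: tuple = ()  # () means any certificate status

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action {self.action!r}")

    def matches(self, flow):
        """Every configured condition must hold; an empty condition matches anything."""
        sni_ok = not self.sni_suffixes or any(flow.sni.endswith(s) for s in self.sni_suffixes)
        ver_ok = not self.versions or flow.version in self.versions
        cert_ok = not self.cert_statuses or flow.cert_status in self.cert_statuses
        return sni_ok and ver_ok and cert_ok

    def covers(self, other):
        """True when every flow that `other` could match is also matched by `self`."""
        def subset(mine, theirs):
            return not mine or (bool(theirs) and set(theirs) <= set(mine))
        sni_cov = not self.sni_suffixes or (
            bool(other.sni_suffixes)
            and all(any(t.endswith(m) for m in self.sni_suffixes) for t in other.sni_suffixes))
        return (sni_cov and subset(self.versions, other.versions)
                and subset(self.cert_statuses, other.cert_statuses))


def evaluate(rules, flow, default_action="Do Not Decrypt"):
    """Return (rule name, action) for the first rule that matches, else the policy default."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return "default", default_action


def preempted_rules(rules):
    """Rules that can never fire because an earlier rule covers every flow they would match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


def block_rules_after_decrypt(rules):
    """Block rules placed below a decrypt rule. A flow matching both is decrypted rather
    than dropped, and decryption is the expensive action, so cheaper actions normally go
    first (an assumed general ordering practice; check the product's own ordering guidance)."""
    seen_decrypt = False
    late_blocks = []
    for rule in rules:
        if rule.action.startswith("Decrypt"):
            seen_decrypt = True
        elif rule.action == "Block" and seen_decrypt:
            late_blocks.append(rule.name)
    return late_blocks


# Constructed sample policy: "resign-mail" is shadowed by the broader "resign-all-tls12",
# and "block-selfsigned" sits below the decrypt rules, so TLS 1.2 self-signed flows are decrypted.
SAMPLE_RULES = (
    Rule("block-expired", "Block", cert_statuses=("expired",)),
    Rule("nodecrypt-bank", "Do Not Decrypt", sni_suffixes=(".bank.example",)),
    Rule("resign-all-tls12", "Decrypt - Resign", versions=("TLSv1.2", "TLSv1.3")),
    Rule("resign-mail", "Decrypt - Resign", sni_suffixes=("mail.corp.example",), versions=("TLSv1.2",)),
    Rule("knownkey-internal", "Decrypt - Known Key", sni_suffixes=(".internal.example",)),
    Rule("block-selfsigned", "Block", cert_statuses=("self-signed",)),
)

if __name__ == "__main__":
    for flow in (Flow("www.bank.example", "TLSv1.2", "valid"),
                 Flow("mail.corp.example", "TLSv1.2", "valid"),
                 Flow("wiki.internal.example", "TLSv1.0", "valid"),
                 Flow("cdn.example", "TLSv1.2", "self-signed")):
        print(flow.sni, "->", evaluate(SAMPLE_RULES, flow))
    print("preempted:", preempted_rules(SAMPLE_RULES))
    print("block rules below decrypt rules:", block_rules_after_decrypt(SAMPLE_RULES))
```

Running the sketch shows the narrow mail rule never firing and the self-signed block rule being bypassed for TLS 1.2 flows; the fix in both cases is ordering (move the narrow or cheaper rule up), not adding more conditions.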
