collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: SSL Decryption on a custom URL category in Cisco SourceFire (On behalf of Terry)  (Read 263 times)

Offline Administrator

  • Administrator
  • Cisco King
  • *****
  • Posts: 43
  • Reputation: 1000
    • View Profile
  • Certification: N/A

I’m wondering if anyone has tried to configure SSL Decryption with the criteria of a custom URL [object] category in Cisco SourceFire. The reason I want to do this is due to a testing scenario—put a couple of URL’s in a URL group (Ex. yahoo.com, eicar.org & others), tell the SSL decryption policy that user “jdoe” needs decryption when going to these URL’s, have that user download test malware from eicar.org to demo the functionality etc. Without the ability to do this, there is a whole demo I cannot do. From what I can see—I created the custom URL object & URL group (objects > object management, URL etc.) That custom URL object is there if I go to Policies > Access Control Policies & look at my URL based ACP. In other words, I can click on that custom URL object & do some action with it. When I go to Policies > SSL & create an SSL decryption policy, click on the “category” tab, the regular well-known URL pre-defined URL categories are there. But the custom URL object / category is not even there, not even selectable (With or without having done a “deploy” after I created the URL object). I’m now thinking that you cannot configure a custom URL object to be included as a URL category where you’re doing SSL decryption as the custom URL object does not show up as a selectable item in the config. Because of that, I’m also thinking that, if you need to do SSL decryption off of URL categories in Cisco SourceFire, you need the URL filtering license Thoughts? Thanks!

Offline Administrator

  • Administrator
  • Cisco King
  • *****
  • Posts: 43
  • Reputation: 1000
    • View Profile
  • Certification: N/A
Any configuration related to URL reputation or category requires you to have URL Filter license. Although we have not tested this, you should be able to create object based on just the URL name (eg. You are not allowed to view links. Register or Login) to match traffic as that should not require additional license.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
3225 Views
Last post September 19, 2013, 09:26:41 PM
by MC
0 Replies
1411 Views
Last post March 10, 2014, 12:25:04 AM
by adecisco
3 Replies
2061 Views
Last post September 29, 2015, 11:13:35 PM
by MC
13 Replies
4139 Views
Last post March 23, 2016, 05:10:06 PM
by MC
1 Replies
1254 Views
Last post May 16, 2016, 09:57:43 PM
by MC

SimplePortal 2.3.5 © 2008-2012, SimplePortal