21. Cisco Firepower Threat Defense 6.2.2: SSL/TLS Decrypt

Captions
Firepower Threat Defense SSL decrypt. Okay, we're gonna go through a couple of use cases here. So if you look at the topology, what we got here is, starting on the outside, we've got an outside host that's gonna connect to a DMZ, which is represented by the orange switch; we're gonna do some decryption inbound here. We also have an inside network that's shown in green here; we're gonna do some decrypting as we get out to the internet as well as to the DMZ. And we have our management network with Firepower Management Center, and we also have Active Directory so we can build policy based on user and groups.

So the use cases that we're gonna focus on: sales one is gonna decrypt and re-sign job posting URLs, HR group is going to decrypt resign social applications, and then everyone's gonna get decrypt resign for Netflix, do not decrypt Health and Finance, and the default action is gonna be do not decrypt. Okay, so we're gonna use Active Directory for the first two options, and then the last option obviously is going to be anybody. We're also gonna do decrypt and re-sign using distinguished name for EICAR; this is gonna let us look at malware in SSL or TLS. And then we're also gonna do decrypt with known key, so we're gonna import the public key and the server key of a DMZ server offering web services.

All right, so let's get started. So the first thing we're gonna do is we're gonna download the CA certificate from our enterprise root CA. So this is a vanilla default installation; it's got Microsoft certificate authority and I didn't do anything more than do the installation. So I've just downloaded the CA. We're gonna go to Objects, Object Management here, we'll go to PKI, and here again what we can do here is we can add a couple of objects and then use it in a variety of places within the management console itself. So let's add that trusted CA. We'll give it a name, and now once we've done this we have this object available to us, right, and we can use it within SSL/TLS decrypt. All right, so that's good.

Now the next step in the process would be, let's create an internal CA. This is going to allow us to issue certificates on behalf of the sites that we want to decrypt, and then obviously that allows us to decrypt that payload and be able to do full inspection on it. If we look real quick, just before we go there, you can see the attributes of that CA certificate. All right, so let's go to the internal CAs and we'll generate a CA, and we'll give this a name, okay, something meaningful of course. Then from here we'll do the country name, we will add the, you know, province or state, and then the locality or city, maybe the organization, the organizational unit, and the common name. And what we'll do here is, once we get this filled in, we'll generate that certificate signing request, and then we're gonna move over to our trusted certificate authority and sign it as a subordinate CA so it can issue certificates on behalf of the enterprise root CA. Just finishing up here, we'll enter the name and we will generate the CSR.

All right, we'll just Ctrl+A inside here and Ctrl+C to do a copy of the CSR request. Now go to certificate authority; we'll go back to the root of certsrv and we'll click Request a certificate. We'll do advanced certificate request and we'll paste that file in, and we'll ask for subordinate certificate authority. I'm logged in as administrator here as well on the console. So we'll do the submit, and you can see the certificate's been issued. We'll download that certificate, give it a meaningful name to make life easier later, and then we're gonna go back and install that certificate. Okay, so we'll go back to that CSR, we'll go to Install Certificate, we'll browse, we'll select it, and we'll save that out. Okay, again, just like the other one, we've got a view of all the attributes that make up the certificate, right, from the validity time, subject name, etc., and now we have that available to us, right. So now we can start building out our policies.

Now everything under access control, in my mind anyway, is more of an advanced object, right; it's still building policies but it's not used until you add these elements to the access control policy. So here we'll create an SSL policy, we'll give it a name, and the default action's gonna be do not decrypt. Okay, now before we start building policy let's go to the trusted CA certificates and let's add that trusted CA that we added earlier. And I have a habit of hitting save all the time, right; it's just like back in the day when we used to write memory or a copy run start, so it's a behavior I picked up. Here I have undecryptable actions, right, so I can say unknown cipher suites I want to block with reset, for example. So you can set that at the top level and then force that further down. Here the default action's do not decrypt; I'm going to set logging on. Again, I'm putting logging on here because I'm gonna do a lot of testing, right, but you always want to be selective in the logging that you do.

And again, when you're building policy, even though you have a bunch of available attributes to build a policy, all you need to do is use the minimum amount to make the flow unique enough to match, right. Just because you have eight or nine or ten attributes that you can add to it, it's not recommended that you do that, right; just do enough that you need to identify the flow and save the additional performance overhead, right.

Okay, so let's give this a name, and this one's gonna be the no decrypt for Health and Finance, right. We don't want to get in trouble with HR, and typically users do, or most organizations now are allowing users to use the computers or systems for personal use, and Health and Finance might be one of those personal uses, so we probably don't want to get in and start decrypting that traffic. So we picked a zone, right, we've got our network; we can do it based on applications; in our case we're gonna do it based on URL categories for this particular instance. So let's go through and select a specific category: so Financial Services is one and the other one will be Health and Medicine.

Okay, now you can see we have additional available attributes: certificates; we can do distinguished names, we're gonna do that a little bit later on actually. I can also do the cert status, right, I can actually say yes or no to something like self-signed certificates. I have cipher suites, right, I can use one or many; I can create a group if I wanted to, so you can see here I can give it a name, I can add the cipher suites and then add them over. I can do it based on version, so I can say SSL v3 and I don't want that to be available, for example. Let's log, and I'm gonna come back to why I have this do not decrypt policy at the bottom when I already have do not decrypt as the default action, so I'll come back to that in a second.

But first let's build out the HR policy. All right, we give it a name just like before, and now what we're gonna do is decrypt and re-sign. Okay, and now we'll select that subordinate CA, and inside to outside is where we want to decrypt, and we're gonna pick the inside network as the source. And as we go along here there's additional attributes that we could use; again, we only need to pick the ones that we need to define the flow. So we need users, because we're gonna use groups, but we need that element obviously because this is very specific to a department, for example. Now we'll go through and we'll do categories here as well. Okay, and in this case what we don't want our sales folks to do without having additional inspection, I guess, right, is job search, so we will perform decryption for anything that falls under the job search category. Now, you always pick where you want this policy, right; so you can always drag and drop the policy after you add it, but you can also select where you want that placement as you're building the policy itself.

So here let's give this one the name. This one's going to be a little bit different, right: the attributes that we're going to use are almost all the same except we're going to use applications, right, and obviously we're gonna pick the HR group in this case. So again decrypt resign; the webinar subordinate CA name that we gave it, we select that; we do the inside, the outside, the inside network; and now we're gonna go to applications. And in this case you can see there's a variety of different categories that we've got built into the box, but we're gonna pick social networking. All right, we'll add that over, we'll select where we want to insert that rule, we'll enable logging, and again we have all kinds of other attributes that are available to us. Let's make sure we grab that HR group, and let's add that rule.

So now we've got the three rules in place, right: so we got sales, we've got the HR group, they're both doing decrypt resign, and now we have the all-everyone finance and health do not decrypt. And the reason why I've added that on top of the default action is because if anybody changes the default action, I still have a policy at the bottom that ensures, hopefully, that we're not decrypting that traffic, right. Someone would have to go in and either delete or remove or disable that rule, right, and so that's obviously somebody knowingly doing that, right, at that point.

Now in order for it to work you have to actually assign it to the access control policy, so this is what I'm doing here. All I did was go into the access control policy and I've selected that policy, and we save it out, and then we have to deploy, okay, we have to push that policy itself. Now let's go back to the rules and check our rule. So we have a bottom rule here, number four: it's inside zone to outside, to DMZ, and the inside network is the source, and there's an allow policy, and we have IPS and malware enabled. So we do have an access control policy that's allowed.

Now we'll get connection events open and running here, but the one thing I want to note is if you're looking to do IPS and malware inspection or some of the advanced capabilities, and you're looking at all traffic, and your traffic is SSL and you're not decrypting it, well, you're not inspecting it, right; you have to decrypt that payload in order to inspect it.

All right, so what I've done here is I went to table events. So there's connection, a table that you can view, right, and then there's the table events, so that allows us to grab additional columns, and you can see here I'm adding a couple of columns here focused on SSL. Now you can see there's a ton of options: your QoS, NetFlow data, user agent, etc. Obviously select the things that are meaningful for you, and in this case, because we're focused on SSL, I'm adding a couple of extra attributes that interest me in this specific use case. So once I save that, now I have that ready, right, I can now start maybe testing, right.

And the other thing to note here is that we're 14 minutes in and I've already built an SSL decrypt policy with multiple use cases and it's done and working, right. We're gonna test it to make sure it's working, but it's only been less than 15 minutes and we've imported the certificate, created an internal subordinate CA, we built the policy, we assigned it to access control, and we've pushed it, right.

But let's do some testing. So we've logged in at this point, right; we've just tested the DMZ, it's working; we've just went to the internet, it's working; and we're just testing to make sure that all things are working, and we've logged in as the sales user, right. So let's go through the scenarios here. So the first thing is, and this is going to be a little repetitive, but it's gonna show you that the policy's not just working for some things and not others, it's actually working as expected, right. So let's look at the certificate: we know Google shouldn't be decrypted, and in this case it's not, okay, but it was an SSL/TLS site, and I'm using them interchangeably, but obviously there's a difference between SSL and TLS.

Now let's go to a social site like LinkedIn. Okay, all right, we go to More tools, we go to Developer tools, View certificate, and you can see that DigiCert signed it, so we're not in play here, right. So that's good, we're not decrypting, and this is an expected behavior at this point. Let's go to a job posting site like monster.ca. We'll go to More tools, Developer tools, we'll go to View certificate, and you can see here we are intercepting, right, and we issued the certificate. Pretty cool. And if we look at the certificate chain we see our internal subordinate, we can see our root CA, and we can see all the attributes when we look at the details that we filled in. Pretty cool, right? So far so good.

Let's pick another one just to make sure that wasn't just a lucky guess, that we've got this working, right, by chance or something like that. Let's go to Workopolis. We can see it's secure; we go to More tools, we go to Developer tools, View certificate, and most of you are probably already seeing it, you can see that we are in fact decrypting that payload. All right, so so far that first use case is certainly working as desired, right, so the sales is a check, right, we're good there.

Now let's look at some of the logging, right. So do a quick refresh, we'll scroll across here, right, and you can remove some of these columns that aren't of interest to you, and you can see very quickly the SSL status: we've got some unsupported cipher suites that were flagged under the default rule, some do not decrypt, and look at this, decrypt resign. Okay, that's a good sign. We can see sales job posting, okay, there's the rule name. We can see it's HTTP now from an application protocol perspective, because we're a man in the middle and we decrypted that traffic, right. We can see the certificate status, right; we've got some other elements with unsupported, right, not checked, and that was the default rule. Pretty good, liking what I'm seeing here.

So you can see here Facebook, default rule, right, that it was hit. So a lot of times you'll go to a site and won't realize how many different sites that you actually interact with when you go to a single site, right; it could be, you know, ten, fifteen, maybe a hundred, right, it's crazy the amount of different websites that make up a single site. Okay, so let's make sure we've got the right user, right, so I'm gonna add initiator user here, so apply that, and all I want to do... there we go, sales, perfect. Okay, so that first test was as expected.

Let's actually go back in as sales again and let's close the loop on the banking sites, right, for example. And for the sales user, the HR user, or any user that logs in, right, that could be anybody, even if they're not part of Active Directory, should fall under this do not decrypt health finance, right. So let's go to one here, let's go to a bank site. We'll go to More tools, let's go to Developer tools, and you might be wondering right now, going, wait, he's not getting a certificate warning, how come? Well, if this is a Microsoft environment the root CA would already be there, right. You can see that we did not decrypt that traffic, by the way, right. So you typically would use GPO and the trusted root CA would be in the trusted root store on the actual workstations. So you can see here this one again not decrypted, right, so far so good. Let's go to one more here; again, let's make sure it's not by chance or by luck or whatever it is, right, it's actually functioning as expected. And here we go, right, it worked again.

Okay, so we went through, you know, a couple here. I would say that this policy is working, but let's check logging and make sure that it is working as expected. Now the one thing with logging here, and we're gonna go to search, the one thing with logging is I've only got a couple of machines and you can see how much logs that we're getting, right; so you can imagine if you were in an organization with a couple hundred machines or a thousand, right, it'd be very difficult. So what we're gonna do here is we're using search; we're looking for cibc.com in this case so we can focus, and we can see do not decrypt. Now let's make sure it's not hitting the default policy. Perfect, right, it's hitting that policy that we created, it's not hitting that default action. All right, so far so good.

Okay, this time we're gonna log in as HR. Now if you remember, with HR we're actually going to decrypt only social applications, okay, so job sites, job boards, right, searching that, that should not be decrypted; the only thing that we're gonna decrypt is social sites. So same check: let's check the DMZ, that's working, right. I'm just checking connectivity here, normal traffic to, you know, a normal site, that's working, so that's good, so internet, DMZ is working. Now we go to a job site, we go Developer tools, right, at this point everybody's got this down pat, View certificate, and we could see DigiCert signed it. Okay, so far so good, that's an expected behavior.

Let's go to Facebook. Now this is a social site, so it says secure; go to More tools, Developer tools, and what's interesting here is that we've issued a certificate with a wildcard, right, *.facebook.com, because what we try to do is copy what the certificate actually is from the site that you're actually really trying to get to, so if it was a wildcard we're gonna put a wildcard in there. Now if we go to LinkedIn, for example, another social site, we should see that this is decrypted if the behavior is correct, and it is, and we can see that it's not a wildcard, right, it was www.linkedin.com. So again, the results are what we expect at this point, right. So I would say now we've got all users, check; we've got sales working, check; we've also got the HR user working.

Now I'm just gonna check Netflix here, and I'm just gonna prove that we're not decrypting this traffic; and someone asked me specifically to include this for their specific use case, so I'm gonna do that for them. So we can come in, we can look at the certificate, it's not decrypted at this point in time, so that's good, that's an expected behavior as well.

So let's go ahead and look at some logging here. So scroll across, and again you can imagine if you have hundreds of assets going through this machine. So you can see here do not decrypt, right, not checked, so you know you get some good insights what's happening from, you know, an HTTP perspective. There's our Netflix there, which hits that default rule because we haven't created anything for that, but it is an expected behavior and we will decrypt that shortly. Well, that's pretty good so far, right, but what about Facebook, right? So we can continue to go through here; we can see the HR user; we've got some unknown traffic there for somebody that might fall outside of Active Directory, right; we can see do not decrypt. But, you know, going through the logs this way, what I'm trying to show here is it can become very challenging, right, there's lots of data, so you want to leverage search as much as possible, right, wherever it makes sense, because we can go page after page after page.

So let's jump to search, because we have some interest in Facebook at this point in time. We'll jump down to URL, we'll enter a URL, 'cause we're looking at connection events, so let's just put in something like *.facebook, do a quick search. We can save these searches out too, so if you have specific use cases, right, that you are interested in, like DNS sinkholing, you can build out searches and save that. So we can see the top one there, the HR one user, it says decrypt resign, we can see our cipher suites, right, and we can see HR social decrypt, Facebook, right. So perfect, again an expected behavior, and it's nice just coming in and validating the connection log.

So this one here, what we're gonna do is we're gonna log in as all users and we're just going to make sure that they aren't being decrypted, right. So they're not gonna fall into the HR and they're not gonna fall under the sales group, and essentially they're gonna hit either the all policy for Health and Finance or the default action of do not decrypt. So if I go to jobs or if I go to social sites we shouldn't see any decryption here. So let's give this a try, right. Here we are at the job boards and we can already see DigiCert signed that cert, so okay, that's working, fantastic. We can see the certificate path here. So that was jobs; let's go to social, okay, 'cause we know it's decrypting this for HR, or in this case HR, or sales for jobs, right, so we just want to make sure we're not hitting any of those policies. And again we can see that that's being signed by the original entity, so that's good. And just to be thorough here let's go to Facebook again; we can see it's DigiCert real quick, and you can see that wildcard cert, right, *.facebook. Okay, good, so far so good.

You can see some of the logging here; you can see that no authentication requested, so that's a user that has not been identified because they're not part of Active Directory, for example, and you can see that do not decrypt and that default rule is what's actually being applied here, right. So there's some of the sites we went to, Facebook obviously was one, and that bottom here is LinkedIn, and it also hit that default rule. So perfect, so far so good, right, everything's working as expected.

So let's build another policy here, and this time we're gonna do Netflix, and again this is really here to satisfy a request I had from somebody out in the world of Firepower wanted to see this. So let's do decrypt resign; at this point everybody probably knows exactly what's gonna take place here. Placement of the rule could be important, right. We're inside to outside, we're gonna decrypt then resign. This one we can pick a specific network; in this case we continue to do the inside network. We'll do applications, right, so we'll do the Netflix application, and again we can do things with additional attributes; in this case we're not going to do that. And then we're gonna log end of connections; we can place that rule where we feel it would be best served, and we can add that rule; you can see it here. All right, so now we can save this out and we can deploy, and then what we'll do is test this one, and then we're gonna get into some other really cool decryption scenarios.

So let's go to logging, 'cause logging is your friend here, especially when testing. The one thing to note too with access control policies: you don't need to log everything. A lot of people tend to feel that they need to log, but you don't need to log for everything; even if there's an IPS or malware policy assigned to it you don't need to log it. All you have to do is you can put do not log if it makes sense, and the alerts will still be triggered, say for IPS or malware.

So I went to Netflix; it looks like it's secure, right, so we still have SSL/TLS encryption, and you can see that we issued the certificate. Okay, so no surprise here; I think everybody's seen this at this point, right. We've been fairly successful so far, our policies have been working, right, and I'm just generating a couple of extra logs here just so we can look at it here. All right, so that certainly worked as expected. All right, table events, okay, we'll scroll across and all we're doing is quickly looking for Netflix, and you can see there's a bunch of do not decrypts, we can see default rule being hit, and then just under there we can see all Netflix decrypt, and second from the bottom we actually can see it there as well, right. So here's the link here, you can see the version of Chrome, all decrypt, okay, same thing, right. So success, right; so we saw it from the results of the user, right, already, but we also can see it in the logs as well. So, so far so good, right.

Again, now we're what, thirty minutes in, we've got multiple different policies. But this time now what I'm gonna do is I'm gonna go to EICAR and I'm gonna download a sample of malware, and I'm gonna do one with HTTP. We have a default policy, or sorry, it's not a default policy, I have a policy that's created that does inbound, or inside/outside, that will do IPS and malware inspection, so HTTP, when we connect to it we should get a reset. So let's see what happens here. Look, block and reset, that's exactly what we're expecting based on that access control rule. Now if I click on an SSL one, what happens here? Look at it, would have been downloaded. Now the reason why it was blocked is because of Microsoft's AV capability, right, not because we stopped it; it's because they stopped it. So let's look at the malware events, right: I can go to malware, malware events, and then actually click on it and see the life cycle of malware on my network, right; this is network file trajectory, and we can see multiple instances here.

So in order to fix that SSL issue, because we are blind to that specific piece of malware, we're gonna add a rule here, and it's gonna get interesting here because we're gonna actually look at the distinguished name, right, or the CN specifically, of the certificate in order to decrypt. So we don't care about the site, we don't care about the application, we are just gonna look for a certificate; if the certificate matches we're gonna decrypt. We'll use ports this time just to, you know, have some different flavor here. And here you can see on the left side there's a whole bunch of default objects already available, so I'm gonna keep the same naming convention. I already know it's secure.eicar.org because I checked that first, and I'll show you that in a second. So now I'll just put CN and then equals secure.eicar.org and save that out, and then I'll pick that policy, or sorry, that element, and then add it across here. All right, so there we go, it's added. We can do a couple of other things here if we wanted to. Let's give it a descriptive name, and we're gonna decrypt and re-sign. Once we do this we'll save this out; obviously we're gonna place this where appropriate.

Now something interesting is going to happen here. You can see the little "i": when I hit save, too, you get this little, see that little "i" here at the side? Now what it's saying is that I've got to figure out that URL before I'll hit this rule, so there could be some delay. So the beautiful thing with Firepower is it'll give you an idea of what the problem is when you build a policy, or if you make a mistake there'll be a red box within the element that you're configuring and it'll just say, hey, you can't do that, right. So it tells you exactly what you need to do in order to solve the problem in most cases. So here we're gonna do that and push this out just like before. We'll go to events, we'll go to table events, right.

All right, so the first thing I'm going to do here is I'm just gonna turn off the Windows Defender, because I want to make sure that we're seeing our box. The logs will show that anyway, but we want to make sure that there's nothing else that's potentially blocking the file, right; I want you folks to see exactly what's taking place here. So I'm just gonna disable Defender. All right, so we get the warning. We should get a malware reset, or sorry, a reset when we go to pull that piece of malware, and we did. And now we should get another reset here, so we'll do block with reset in this specific policy, and look at that, it worked. Okay, but real quick, what I want to do is I can show you the certificate here: Developer tools, and you can't see it here, what I have to do is go to the root here, so let me just get rid of that, enter, okay, and go to View certificate, and you can see there's issued by, right. So perfect, right, it worked exactly the way we wanted it to work, and now in this specific case we are actually mitigating malware coming through an SSL/TLS connection.

All right, let's just reload this and check the logs to make sure that the logs are what we expect, even though we saw the results. So file block, you can see that right away; you can see decrypt resign, right, so that's good; and you can see the rule is the rule that we expected, and you can see the application protocol's HTTP because we've decrypted it. So fantastic, right, so that's working as expected. Let's go to malware events real quick and we should see all the attempts. So we see 14 there because they did a bunch of refreshes, and you can see two IP addresses, right, and you can see it's blocked. So that worked exactly how we expected it to work.

Now in this case what we're gonna do is we're going to come from the outside into the DMZ server, but we're gonna copy the public key, or sorry, the private key and the certificate from that web server and we're gonna upload it to Firepower Management Center. And so we go to internal certs, we're gonna browse now to that. So I've already exported that, so you didn't see that piece, but I exported it, put it on a share, and now I'm copying it into this Firepower Management Center. So let's grab the certificate and then the key. And now what this is gonna allow us to do is, it's not really man in the middle now, right, because we own or have access to that private key, right, so we can actually take care of this. So we shouldn't see the subordinate, and from a user perspective they're blind, they don't know that we're actually decrypting.

All right, so we've got that added, right. We're 40 minutes in now and we've done multiple different SSL rule policies, we've tested and validated those policies. Pretty easy stuff, right; once you have an idea of what you need to do to get it to work it's fairly easy, even something like SSL decrypt. So the first thing, we're coming from the outside, I want to check the box, so let's connect. We look at the certificate; all right, well, that's what we expect, right, no magic here, and you can see that there is no man in the middle there, there wasn't a subordinate CA, right. Okay, so far so good. Let's go connection, connection events, and if we go across here we can see the top one here, there's the site, do not decrypt. Okay, well, that's exactly what we expect; we haven't done anything, right, all we've done is that import of that key, right, and certificate.

So let's go ahead and build a policy now, right. And the reason why I showed you this is two reasons: one is first to show you that we're not doing anything at this point, right, so it is a policy that we need to create; and second is I want you to see what the certificate looks like in its native form, right, where the web server is the one doing the SSL or TLS portion, not us acting as man in the middle. So let's do, you know, we're doing outside to in, or inside, right, here to DMZ server. Okay, so that's all good. Let's give it a name. Do not decrypt, well, we've got to change that, right: decrypt with known key, that's the difference here. And now we're gonna grab that object to move it over. Let's go back up and give that a name that's meaningful. And you can see that a couple of tabs got grayed out, right, they're not available for us in this particular deployment, but we can still do things like cert status or certain cipher suite or version. Let's place the rule appropriately. There's the cert status, right, so we still have that as an option. So if we have an internal web server we can start disabling some of the capabilities that aren't available on the box, or enforcing the higher levels of encryption maybe. Okay, so that's all good. We enabled logging; let's do HTTPS for destination port. Again, I'm just trying to show flavor here, right, there's lots of different ways of doing this; we could have done applications, for example. So decrypt with known key, right, so not decrypt re-sign, which needs the subordinate CA to issue the certificate on behalf; we are actually going to decrypt with the actual private key.

All right, so let's push that policy out. And again, you could have built all these rules all up front, get it all completely done, and only push the policy once, right; I'm doing this in stages specifically to show you each step of the way, right. It's certainly more work doing it this way, but you really get to see the product working.

All right, so table view, right. I want to go back here, and some of you guys may have picked up something that I did in that policy, right; you might have been sitting there going, wait a minute, there's something not right, and you might be right, right. But hold on, right, I've got to put a little bit of troubleshooting, a little bit of it, right, a little more than what we've been showing up to this point, right, looking at policy and the result. So it's there and we'll get to it, right. But first let's look at all the options from an SSL perspective. Look at all the options you have: SSL, SSL flow action, right, it's incredible the amount of attributes that you have available to search on, and that's just SSL, right. So you can look for something very specific in your organization, right, and again you can save these policies though, so maybe in the DMZ you might have specific requirements for compliance; well, you can create a recurring report that comes out and shows you what unsupported features might be there or ciphers that might be there, right.

So here what we've done is we're outside in and we've reached it, it's working. Well, it looks kind of the same, right; at this point it looks the same as what it did, and it should probably look the same, right, because it's known key, right, so it shouldn't change the way the behavior was originally. But let's look through this. So we can see here we've got some logs; it says do not decrypt. Okay, you see the URL, that's right. If I look at the policies, defaults. Hmm, all right, I'm missing a couple attributes here, so let me add a couple more fields. Let's grab some SSL magic: that's SSL actual action, policy, rule; version's always good; let's do certificate status as well. Okay, let's apply that and let's have a quick look. All right, let's scroll across now and let's just confirm what we're hitting. Ah, interesting: default rule we
didn't actually do anything we didn't actually deep crept here well that's not good this is our first failure right so far we've been hitting you know perfect and now we've got an issue where that policy now I know I did push the policy oh but let's have a look at it so we know it's deployed let's see outside inside to dmz inside the dmz wall wait a minute yeah that okay gotten a habit inside outside outside inside I forgot the zone is actually DMZ so it's outside the DMZ all right let's save that let's deploy and let's retest and hopefully this time the results are in our favor right it's actually working alright there we go we push it out and what I try to do in some of these right so this was a webinar that was requested at one point what I try to do is maximize the time I want to make sure that I show you as much as possible in the shortest amount of time but I like to be thorough as well so here we've connected outside and we can see again it's exactly the same right the certificate was the same but let's look at the logging itself so again from the user they would never know oh look at that first line there decrypt known key and if we move it across we can see the cipher suite the policy and the rule fantastic right it worked and from a user there's no way of knowing now we all know most users have no idea anyway unless maybe they get a certificate warning and then some would even argue that that wouldn't matter because they just continue to progress right so let's look at some of the dashboarding right I'm gonna where we're done really doing configuration I just want to show you some of the other things that are available so you've got different views of the SSL decrypt or encrypt great doesn't really matter we give you a lot of statistics around SSL itself and this dashboard might be something that you're interested in and you'd love to build reports from so all you have to do you can customize even further but all you have to do is go up to the right here 
click report designer and we can take all these dashboard elements throw them into a report template for you automatically get rid of the ones that you don't want or have interest in keep the ones that you do or modify them and now you have a report that's generated off the dashboard that you created pretty cool so if I sit here now and generate that report it'll come up in a second here I can go to reports as well if I wanted to but let's just open it up here and you can see again decryption over time the actions the status etc right so again pretty cool pretty easy to do unfortunately no rocket science and now I have that report template and I could now schedule it so how would I do that well you can just go up to scheduling right so just go to system we're gonna go to tasks will go to scheduling and then from here now we can do all kinds of different things but our focus right now is the reports let's drop that down to reports let's hit recurring you pick the time the date right how much you want it to repeat right every week month whatever which day for example or maybe a couple of times a week right this is fairly self-explanatory what I'm trying to show you here is you may not be aware of this scheduling capability right there's a lot of things that this product does so again I'm just trying to expose it to you I could have made this video 15 minutes to show you SSL decrypt with all the policies I created but what I wanted to do is help you get a true understanding of the product so we saved this out at this point we can see that we've got you know on the 27th we generate over a report on Friday and as you can see it's recurring every week pretty cool right and pretty easy that's it
Info
Channel: Jason Maynard
Views: 12,114
Keywords: NGFW, Cisco Security, Firepower, Firepower Threat Defense, FTD 6.2.2, Threat-Focused, SSL Decrypt, TLS Decrypt, NGIPS
Id: HUEGbZML1xU
Length: 51min 24sec (3084 seconds)
Published: Thu Nov 16 2017