We need to implement a new FTD in transparent mode in our network, where it will be placed between the first-stage firewall and the perimeter firewall, and we need to pass all traffic (web and email traffic) through this device, where we need to inspect all traffic.
We're using a Web Security Appliance and an Email Security Appliance, and we have a CA, so my questions are:
1. Which certificate do we have to use to inspect all traffic (web and email)?
2. Which requirements do we have before our implementation, and what are the steps of implementation?
If you already have WSA and ESA then they inspect your web and email traffic respectively.
Why would you want to also add the FTD as an additional inspection explicitly for those traffic types? You can just use it in normal IPS mode and not do anything special for web and email on it.
Decryption is a very deep topic. Very few organizations elect to decrypt outbound web traffic with FTD. Doing so requires a significant effort and is a challenge that's not easily answered in a support community thread. It should instead be part of a well-thought-out project executed by competent systems engineers.
I've never seen anyone chain together decryption. To do so successfully, each step would have to trust the certificate of the next one. For instance, the client trusts the WSA certificate, the WSA trusts the FTD certificate, and the FTD decrypts and re-signs traffic destined for the Internet.
Even when only the FTD is involved it's a hard problem, as a large and increasing number of sites and services do not allow decryption, and doing so will break the application (Dropbox, iTunes, Google services etc.).
Generally speaking you're better off supplementing solutions such as are already in place with endpoint-based ones such as Umbrella and AMP for Endpoints.
If I were going to undertake what you're trying to do, I would try it in a lab first to validate the concept and then deploy it very carefully, starting with a small group of pilot users.