Wednesday, December 5, 2018

FirePOWER TLS Issue/Blocking Sites

Hey.

All of a sudden various external websites stopped loading within my enterprise. The TLS handshake is failing and the problem appears to be within FirePOWER.

I can take the domain, add it to the whitelist and apply... it'll then work no problem. However, I don't understand what FirePOWER has done to begin causing this problem. All of a sudden a boatload of reports of various domains that could no longer be reached, all with the same problem. Whitelisting various domains is just not feasible though.

We've made no policy changes between yesterday and when this occurred; it just seems that overnight something happened automatically, and I can't wrap my head around it. There's nothing denied or any logs to suggest FP is blocking anything, but I've been able to prove through the whitelist that it is the source of the failure.

All the domains being reached are using TLS 1.2, so I don't feel like it's picking on an older version.

Anyone seen anything like this before?

edit: Looks like FP is flagging TLS as "common VPN Traffic" and thus it is dropped by the policy. wtf.
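A check that helps with the situation described above (the inline box leaves no deny log, so the only evidence is what the client sees): send a hand-built TLS 1.2 ClientHello over a plain TCP socket and look at what comes back. A ServerHello means the handshake is getting through, an Alert record means the server itself rejected the hello, and a reset or silence right after the ClientHello is what a middlebox drop looks like. This is an added example written for this page, not code from the original post or from Cisco; the target hostnames and the classification labels are this example's own, and the byte strings fed to the classifier in the test are constructed, not captured.

```python
"""Minimal TLS 1.2 handshake probe (added example, not from the original post).

Builds a ClientHello with SNI, sends it raw, and classifies the first bytes
returned so a handshake dropped in transit can be told apart from a server-side
TLS rejection. Only the standard library is used.
"""
import socket
import struct

TLS_RECORD_ALERT = 0x15
TLS_RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
HANDSHAKE_SERVER_HELLO = 0x02
TLS12 = b"\x03\x03"

# A small, realistic TLS 1.2 suite list (ECDHE-AES-GCM first, then RSA-AES-GCM).
CIPHER_SUITES = [0xC02F, 0xC030, 0xC02B, 0xC02C, 0x009C, 0x009D]

# Alert descriptions a probe is likely to meet (RFC 5246 section 7.2).
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
               47: "illegal_parameter", 70: "protocol_version",
               80: "internal_error", 112: "unrecognized_name"}


def build_client_hello(server_name: str, client_random: bytes = b"\x00" * 32) -> bytes:
    """Return a TLS 1.2 ClientHello (with an SNI extension) wrapped in a record header."""
    assert len(client_random) == 32
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    host = server_name.encode("idna")
    # server_name extension (RFC 6066): one entry of name_type 0 (host_name).
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        TLS12                                      # client_version
        + client_random
        + b"\x00"                                  # session_id length 0
        + struct.pack("!H", len(suites)) + suites  # cipher_suites
        + b"\x01\x00"                              # compression: null only
        + extensions
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_RECORD_HANDSHAKE]) + TLS12 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Classify the first bytes the peer sent back after our ClientHello."""
    if not data:
        return "no-response"           # FIN/RST before any TLS byte came back
    if len(data) < 5 or data[1] != 0x03:
        return "garbage"               # not a TLS record header at all
    ctype = data[0]
    if ctype == TLS_RECORD_ALERT and len(data) >= 7:
        level, desc = data[5], data[6]
        return f"alert(level={level},desc={desc}:{ALERT_NAMES.get(desc, 'unknown')})"
    if ctype == TLS_RECORD_HANDSHAKE and len(data) >= 6 and data[5] == HANDSHAKE_SERVER_HELLO:
        return "server-hello"
    return "garbage"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Open TCP, send the ClientHello, and report what happened to the handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                sock.sendall(build_client_hello(host))
                return classify_response(sock.recv(4096))
            except socket.timeout:
                return "no-response(timeout-after-clienthello)"
            except (ConnectionResetError, BrokenPipeError):
                return "no-response(reset-after-clienthello)"
    except socket.timeout:
        return "tcp-timeout"
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError as exc:             # DNS failure, unreachable network, etc.
        return f"tcp-error({exc.errno})"


if __name__ == "__main__":
    import sys
    # Hypothetical targets; replace with the domains that stopped loading.
    for target in sys.argv[1:] or ["example.com", "example.net"]:
        print(f"{target:30s} {probe(target)}")
```

Read the output in pairs: "tcp-refused" or "tcp-timeout" means the problem is below TLS (routing, DNS, or a plain port block), while "server-hello" means the handshake is reaching a real server and the fault lies later in the connection. The interesting result for the symptom above is "no-response(reset-after-clienthello)" or the timeout variant on a host that answers TCP fine: the connection dies exactly when the ClientHello is seen, which is what an inline policy drop on the handshake produces. An "alert(...)" result is the server's own rejection (a handshake_failure, for instance, points at cipher or version mismatch rather than at the firewall). Running the same probe from a whitelisted host and a non-whitelisted one gives a clean A/B comparison.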


