Configuring the SSL Preprocessor

Note

This section applies to Snort 2 preprocessors. For information on Snort 3 inspectors, see https://www.cisco.com/go/snort3-inspectors.

Procedure


Step 1

Choose Policies > Access Control, then click Network Analysis Policy; alternatively, choose Policies > Access Control > Intrusion, then click Network Analysis Policies.

Note

If your custom user role limits access to the first path listed here, use the second path to access the policy.

Step 2

Click Snort 2 Version next to the policy you want to edit.

Step 3

Click Edit (edit icon) next to the policy you want to edit.

If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 4

Click Settings in the navigation panel.

Step 5

If SSL Configuration under Application Layer Preprocessors is disabled, click Enabled.

Step 6

Click Edit (edit icon) next to SSL Configuration.

Step 7

Modify any of the settings described in SSL Preprocessor Options.

  • Enter a value in the Ports field. Separate multiple values with commas.
  • Check or clear the Stop inspecting encrypted traffic check box.
  • If you checked Stop inspecting encrypted traffic, check or clear Server side data is trusted.
  • Enter a value in the Max Heartbeat Length field.
    Tip

    A value of 0 disables this option.

Step 8

To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes.

If you leave the policy without committing changes, the changes cached since the last commit are discarded when you edit a different policy.
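The following added example (not part of the original procedure and not Cisco code) checks the four Step 7 settings for consistency and shows them as a Snort 2 `preprocessor ssl` directive, which makes the dependency between the two check boxes and the effect of a 0 heartbeat length explicit. The function name, the sample values, and the port and heartbeat bounds of 65535 are assumptions of this example.

```python
# Added illustration: validate the Step 7 settings and render them with the
# Snort 2 SSL preprocessor keywords (ports, noinspect_encrypted, trustservers,
# max_heartbeat_length). Function name and sample values are hypothetical.

def render_ssl_preprocessor(ports, stop_inspecting_encrypted=False,
                            server_side_trusted=False, max_heartbeat_length=0):
    """Return a 'preprocessor ssl' line for the given UI values.

    ports is the text of the Ports field (comma-separated values).
    Raises ValueError when a value is invalid or the options conflict.
    """
    parsed = []
    for item in ports.split(","):
        item = item.strip()
        # Assumed bound: a TCP port is 1-65535.
        if not (item.isascii() and item.isdigit()) or not 1 <= int(item) <= 65535:
            raise ValueError(f"invalid port value: {item!r}")
        if int(item) not in parsed:          # drop duplicates, keep order
            parsed.append(int(item))

    # "Server side data is trusted" is only offered when
    # "Stop inspecting encrypted traffic" is checked.
    if server_side_trusted and not stop_inspecting_encrypted:
        raise ValueError("trustservers requires noinspect_encrypted")

    # Assumed bound: the TLS heartbeat length field is 16 bits wide.
    if not 0 <= max_heartbeat_length <= 65535:
        raise ValueError("max heartbeat length must be 0-65535")

    opts = ["ports { " + " ".join(str(p) for p in parsed) + " }"]
    if stop_inspecting_encrypted:
        opts.append("noinspect_encrypted")
    if server_side_trusted:
        opts.append("trustservers")
    # A value of 0 disables the option; this example then omits the keyword.
    if max_heartbeat_length:
        opts.append(f"max_heartbeat_length {max_heartbeat_length}")
    return "preprocessor ssl: " + ", ".join(opts)


if __name__ == "__main__":
    # Constructed sample values, not recommendations.
    print(render_ssl_preprocessor("443, 465, 993", True, False, 16384))
    print(render_ssl_preprocessor("443", max_heartbeat_length=0))
```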


What to do next

  • If you want to enable intrusion events, enable SSL preprocessor rules (GID 137). For more information, see Setting Intrusion Rule States.

  • Deploy configuration changes.