I will use the @MilesMeraki words.
"I'm under the assumption that this might be removed/no longer available. The HTTPS feature on the MX's caused severely degraded throughput once enabled plus an array of other issues.
I think the direction now going forward will be to perform the HTTPS/TLS decryption by a SASE security service like Umbrella in-line between the MX and the Internet/SaaS traffic. If you have a look at the updated Sizing guides this also seems to be the "recommended" approach. (https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file).
This isn't necessarily a bad thing. SASE security architectures allow for the same security posture and enforcement to be maintained no matter the user's location. This would effectively mean that their HTTPS/TLS traffic would be still decrypted when either on a trusted network or on an un-trusted/un-managed network. Most vendors are now taking this approach to security."
Original post: https://community.meraki.com/t5/Security-SD-WAN/HTTPS-Inspection-on-MX/m-p/135063
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.
Please, if this post was useful, leave your kudos and mark it as solved.
