https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348529#M1031744 <P>Hi,</P> <P>&nbsp;</P> <P>Have you configured an SSL decryption policy?</P> <P>If not, that's normal. You can't block what you can't see.</P> <P>HTTP is clear-text, HTTPS is encrypted. Being encrypted, means (by default at least) that you don't have any data visibility from sensor's perspective.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Octavian</P> Wed, 14 Mar 2018 15:25:28 GMT Octavian Szolga 2018-03-14T15:25:28Z https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348281#M1031743 <P>Hi Team!</P> <P>&nbsp;</P> <P>I am having some "trouble/issue" with setting a Policy in the FMCv.</P> <P>I have manage to create a Malware policy to block Malware (Block with reset), Ok that works fine.</P> <P>But at the same time when I am downloading the same Malware with HTTPS/SSL, it allows it!????!??!?</P> <P>The same is with PDF files. I have created a policy to Block PDF files. Thats fine except when HTTPS is used which allow them.</P> <P>&nbsp;</P> <P>Any thoughts?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 15:30:46 GMT https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348281#M1031743 Fotiosmark 2020-02-21T15:30:46Z https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348529#M1031744 <P>Hi,</P> <P>&nbsp;</P> <P>Have you configured an SSL decryption policy?</P> <P>If not, that's normal. You can't block what you can't see.</P> <P>HTTP is clear-text, HTTPS is encrypted. Being encrypted, means (by default at least) that you don't have any data visibility from sensor's perspective.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Octavian</P> Wed, 14 Mar 2018 15:25:28 GMT https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348529#M1031744 Octavian Szolga 2018-03-14T15:25:28Z https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348551#M1031745 Indeed, <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> <BR />Do I configure the decryption policy from Acess Control - SSL - Create Rule? Because under that, there are choices as Decrypt - Resign, Decrypt - Known Key - Block - Block with Reset<BR /> Wed, 14 Mar 2018 15:39:06 GMT https://community.cisco.com/t5/network-security/ftd-firepower-policy/m-p/3348551#M1031745 Fotiosmark 2018-03-14T15:39:06Z