https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283353#M1120666 <P>Yes some other domains like google and youtube are already inspected i can find logs of ssl decryption in connection events for these domain in addition to they have local CA that i configure in FTD&nbsp;</P> Mon, 21 Apr 2025 12:58:32 GMT elkabeermg 2025-04-21T12:58:32Z https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5282929#M1120646 <P><SPAN>I’m currently testing Cisco Firepower Threat Defense (FTD) version 6.3 deployed in EVE-NG, and it’s managed by Firepower Management Center (FMC) version 6.7.</SPAN></P><P><SPAN>I’ve configured an SSL decryption policy to perform SSL inspection on all outbound HTTPS traffic. The policy is working as expected for most domains (e.g., Google, YouTube, etc.), but I’ve noticed that SSL inspection is not applied to wikipedia.org and its subdomains, even though:</SPAN></P><UL><LI><SPAN>There are no exclusions or bypass rules configured in the SSL policy.</SPAN></LI><LI><SPAN>The domain is not listed in any trusted CA override or rule.</SPAN></LI><LI><SPAN>No rule explicitly matches or excludes Wikipedia.</SPAN></LI><LI><SPAN>The client browser shows a direct connection using the real Wikipedia certificate, not the re-signed one from the FTD device.</SPAN></LI></UL><P><SPAN>I’ve double-checked the access control policy, SSL rules, and certificates, and everything seems fine. I’m wondering if this could be related to:</SPAN></P><OL><LI><SPAN>A default system-level bypass in FTD for specific websites?</SPAN></LI><LI><SPAN>Some behavioral limitation when running FTD in EVE-NG?</SPAN></LI></OL><P><SPAN>Has anyone experienced similar behavior with Wikipedia or other major domains not being inspected? Any ideas or suggestions for troubleshooting this would be greatly appreciated.</SPAN></P> Sat, 19 Apr 2025 07:45:00 GMT https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5282929#M1120646 elkabeermg 2025-04-19T07:45:00Z https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283088#M1120653 <P>I dont known but are FTD in eve-ng have a ssl license.</P> <P>This need to make ftd encrypt ssl traffic.</P> <P>MHM</P> Sun, 20 Apr 2025 11:47:59 GMT https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283088#M1120653 MHM Cisco World 2025-04-20T11:47:59Z https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283353#M1120666 <P>Yes some other domains like google and youtube are already inspected i can find logs of ssl decryption in connection events for these domain in addition to they have local CA that i configure in FTD&nbsp;</P> Mon, 21 Apr 2025 12:58:32 GMT https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283353#M1120666 elkabeermg 2025-04-21T12:58:32Z https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283416#M1120668 <P>Did you verify the Wikipedia https traffic is tcp/443 (SSL/TLS) and not udp/443 (QUIC)?</P> Mon, 21 Apr 2025 15:27:46 GMT https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283416#M1120668 Marvin Rhoads 2025-04-21T15:27:46Z https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283431#M1120671 <P>I already make a acp rule that block udp 443 above main rule&nbsp;</P> Mon, 21 Apr 2025 15:54:29 GMT https://community.cisco.com/t5/network-security/ssl-policy-not-applied-to-wikipedia-domain-in-cisco-firepower-6/m-p/5283431#M1120671 elkabeermg 2025-04-21T15:54:29Z