Is there a way to create a do-not-decrypt rule for a set of domains or FQDNs? I do not see a URL tab in the SSL ACP. Running 126.96.36.199 FMC. Closest alternative is to either know the destination IPs or hope the application tab has a match.
I think there is no option to create a rule with an FQDN either; you need to know the FQDN's resolvable IP. If you try creating an FQDN in the SSL rule, it will not display FQDN objects there. I think it's a limitation that Cisco needs to address in feature releases.
Yeah, so I tested adding a site to the subject DN and it didn't decrypt, which is good. Does this also do subdomains, or do you need to add an asterisk? I was under the impression Firepower doesn't like asterisk characters for wildcards.