Hello everyone,
I'm currently running Firepower 6.2.3.9-54 on ASA 5516-X 9.8(3)-16 (currently running in monitor only mode). I've created an SSL Policy and attached it to an ACP. The SSL Policy is configured to 'Decrypt - Known Key' for a single web server that lives on my inside network. The SSL Policy default action is 'Do not decrypt'. The issue I'm having is that I'm seeing a lot of connection events with Action 'Block' and SSL Status of 'Block (Decryption Error)' for connections to web sites that are not specified in my SSL Policy (as I said I only have one internal server listed in the SSL Policy). I've even created a SSL Policy that has not rules defined except the default action that is set to 'Do not decrypt' and I'm getting the same results.
Please help as I will not be putting Firepower inline until I can resolve this very strange issue as it will cause havoc for my users.
Thank you!
Steve