I was wondering if, e.g. especially for Inbound SSL-Decryption Rules, it is possible to integrate Cisco Firepower appliances with any 3rd party HSM, so that private keys, etc. will remain outside the Firepower appliance?
If you put an SSL appliance inline with the Firepower device you can get the traffic in decrypted form and inspect that.
If you're using an SSL policy on the Firepower device and specifying decrypt-and-resign as part of the policy then the decryption has to be done on the Firepower device itself - not on an HSM or other appliance.