Hi everybody,
We are working on a project implementation and found that the syslog messages from FirePOWER have some mismatches with the defined ACP rules. Has anybody seen this issue before? We are running v6.2.3 patch 4. Thank you.
For example:
A DNS policy has been hit by the 443 traffic, but the AD-DNS rules only allow TCP & UDP port 53.
Jan Date Firepower-module1 SFIMS: Protocol: UDP, SrcIP: 192.168.x.x, OriginalClientIP: ::, DstIP: 192.168.x.x, , SrcPort: 55775, DstPort: 443, Flags: 0x0, IngressZone: Outside, EgressZone: Inside, DE: Primary Detection Engine (x.x.x.x), Policy: Office-Firewall_Policy, ConnectType: End, AccessControlRuleName: AD DNS, AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Block, Prefilter Policy: Default Prefilter Policy, UserName: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 85, ResponderBytes: 233, NAPPolicy: Balanced Security and Connectivity, DNSQuery: outlook.office365.com, DNSRecordType: a host address, DNSResponseType: No Error, DNS_T
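An added example, not part of the original post: one way to sweep exported SFIMS syslog lines for events whose protocol and destination port fall outside what a rule is meant to allow. The `EXPECTED_PORTS` table, the function names and the sample lines are assumptions constructed for illustration; the field names are the ones in the message above.

```python
# Assumption: expected (protocol, port) pairs per rule, transcribed by hand
# from the ACP. The post states the "AD DNS" rule only allows TCP & UDP 53.
EXPECTED_PORTS = {"AD DNS": {("TCP", 53), ("UDP", 53)}}

# Constructed sample lines modelled on the message in the post
# (documentation addresses; the last line is deliberately truncated).
SAMPLE_LOG = (
    "Jan 10 10:00:01 Firepower-module1 SFIMS: Protocol: UDP, SrcIP: 192.0.2.10, OriginalClientIP: ::, DstIP: 192.0.2.53, , SrcPort: 55775, DstPort: 443, AccessControlRuleName: AD DNS, AccessControlRuleAction: Allow, ApplicationProtocol: DNS\n"
    "Jan 10 10:00:02 Firepower-module1 SFIMS: Protocol: UDP, SrcIP: 192.0.2.11, OriginalClientIP: ::, DstIP: 192.0.2.53, , SrcPort: 40112, DstPort: 53, AccessControlRuleName: AD DNS, AccessControlRuleAction: Allow, ApplicationProtocol: DNS\n"
    "Jan 10 10:00:03 Firepower-module1 SFIMS: Protocol: UDP, SrcIP: 192.0.2.12, AccessControlRuleName: AD DNS, SrcPort: 40113, DstPo\n"
)

def parse_sfims(line):
    """Split the 'Key: Value, Key: Value' body after 'SFIMS: ' into a dict."""
    _, found, body = line.partition("SFIMS: ")
    if not found:
        return None
    fields = {}
    for part in body.split(", "):
        # Partition on the first ': ' only, so values such as '::' survive.
        key, sep, value = part.partition(": ")
        if sep:  # skips the empty ', ,' slot and truncated tails
            fields[key.strip()] = value.strip()
    return fields

def find_mismatches(log_text, expected=EXPECTED_PORTS):
    """Return events whose (Protocol, DstPort) is outside the rule's expected set."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_sfims(line)
        rule = ev.get("AccessControlRuleName") if ev else None
        if rule not in expected:
            continue
        try:
            port = int(ev.get("DstPort", ""))
        except ValueError:
            continue  # truncated or malformed line: no usable port
        proto = ev.get("Protocol", "").upper()
        if (proto, port) not in expected[rule]:
            hits.append({"rule": rule, "proto": proto, "dst_port": port,
                         "src": ev.get("SrcIP"), "dst": ev.get("DstIP"),
                         "app": ev.get("ApplicationProtocol")})
    return hits

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_LOG):
        print(hit)
```

The parser assumes no field value contains ", ", which holds for the fields shown in the post.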