I know FTD can block traffic based on Application and/or port. So, I could create one ACP rule to block TCP 22 and/or I could also create an ACP rule for blocking SSH and OpenSSH traffic.
Question: Is there a way to block, let's say, SSH when it tunnels HTTP but not when it carries native SSH traffic? SSH is encrypted traffic, so it would mean that the firewall would need to do a MITM on the 1st connection between the SSH client and the server. I don't think that FTD can do MITM on SSH.
Thanks for letting me know your thoughts on this.