Our FMC server is constantly detecting this intrusion (SMTP_COMMAND_OVERFLOW) from the same host, which is our cloud-based Cisco ESA appliance.
How should I deal with this?
My inclination is to trust this host, but I'm not sure if I should just whitelist the IP or what.
Looking for some guidance on this.
Is there a way to have this host bypass ONLY this detection while still leaving it in play for file/malware inspection?
Thanks in advance.
NM