I’m currently testing Cisco Firepower Threat Defense (FTD) version 6.3 deployed in EVE-NG, and it’s managed by Firepower Management Center (FMC) version 6.7.
I’ve configured an SSL decryption policy to perform SSL inspection on all outbound HTTPS traffic. The policy is working as expected for most domains (e.g., Google, YouTube, etc.), but I’ve noticed that SSL inspection is not applied to wikipedia.org and its subdomains, even though:
- There are no exclusions or bypass rules configured in the SSL policy.
- The domain is not listed in any trusted CA override or rule.
- No rule explicitly matches or excludes Wikipedia.
- The client browser shows a direct connection using the real Wikipedia certificate, not the re-signed one from the FTD device.
I’ve double-checked the access control policy, SSL rules, and certificates, and everything seems fine. I’m wondering if this could be related to:
- A default system-level bypass in FTD for specific websites?
- Some behavioral limitation when running FTD in EVE-NG?
Has anyone experienced similar behavior with Wikipedia or other major domains not being inspected? Any ideas or suggestions for troubleshooting this would be greatly appreciated.
