We are constantly receiving the Health Monitoring message "AMP for Network Status - Successfully connected to cloud. FTD1: Number of files detected in traffic exceeds module threshold."
We believe this is due to File Sharing between our hosts and our File Server behind our FW. Every time a host opens a file, every time that file is modified and saved, etc., the Firepower sees the file as new and unknown and it sends the file up to AMP cloud for inspection.
This didn't begin to happen until we moved our File Servers behind the FW.
Has anyone experienced this?
Is it best practice to not apply Malware & File policy to traffic between our agency hosts and our agency FW?