If there's no decrypt policy, the traffic would be identified as app=SSL port=tcp/443 as seen in your log screenshot. The PA would not be identifying other apps inside of that SSL session so the session stays at SSL.
If SSL decryption is triggered, we would initially see the app=SSL port=tcp/443. Once decryption occurs, the PA can see inside the SSL session and ID other apps. However, all apps tied to this session will be running over port tcp/443.
I just tested with 7.1.0 and I was able to hit multiple SSL sites (bank, google, yahoo mail, gmail) and the SSL decryption worked for me. Here's a snapshot of my traffic log where the app web-browsing was discovered after decryption and it occurs over port tcp/443.
I ended up deleting my general rule and recreating your suggested rule and my existing rule and this seemed to do the trick. Not quite sure why this made a difference. Perhaps I fat-fingered the rule before.
Ultimately, I feel that something as simple as not having 443 included in the web-browsing app as a potential port is going to cause a lot of grief and support tickets. I appreciate the new method in which the rules are now handled, but we as engineers request that things remain simple. I'm more concerned that other applications that may get bundled in SSL (but not have SSL in their app-id ports) may also fall victim to this issue. I'm not quite sure how applications inside something such as an SSL VPN will be handled.
Thanks for the assistance in this, I learned something.
I had this same issue after upgrading from 7.0.12 to 7.1.7 and so far support has not been able to figure out why my decryption stopped working. I put in a rule for web-browsing for tcp/443 as suggested in this post and my decryption seems to be working again. Great work on this post, guys!