Best practice for building security policy is. For allow traffic always define the service as application-default, that way you only create session for applications on there default port and only perform application ID for those session this reducing the load on the unit from both a session and application id perspective. This works great, untill you switch on SSL decryption. At these point all your traffic starts failing as the traffic is now not on the default port of the application but more than likely on port 443. So far the only solution to this problem is to change all the services to all, which increases the session count and increases the load on the app id processor. What is the solution to this problem? I feel this problem can only be resolved by one of two ways. 1. Set all applications default ports to include 443 or 2. Allow the ability to define application default and additional services in the service column. Can someone please advise, is there a feature request for this feature, without it I don't see the SSL decryption functionality to be much more than a tick in the box rather than a feasible solution to larger deployments?
... View more