Procedure

Before you begin

If you have not already done so, review the following procedures and complete the steps in them:

  1. Configuring SSL Decryption Policies

  2. Enable the SSL Decryption Policy

Procedure


Step 1

In the left pane, click Security Devices.

Step 2

Click the Devices tab to locate the device or the Templates tab to locate the model device.

Step 3

Click the FTD tab and select the device for which you want to configure the default SSL decryption action.

Step 4

Click Policy in the Management pane at the right.

Step 5

Click SSL Decryption in the policy bar.

Step 6

Click the Default Action button.

Step 7

Select the action to apply to matching traffic:

  • Do Not Decrypt—Allow the encrypted connection. The access control policy then evaluates the encrypted connection and drops or allows it based on access control rules.

  • Block—Drop the connection immediately. The connection is not passed on to the access control policy.

Step 8

(Optional.) Configure logging for the default action. You must enable logging to capture events from SSL Decryption policies. Select from these options:

  • At End of Connection—Generate an event at the conclusion of the connection.

    • Send Connection Events To—If you want to send a copy of the events to an external syslog server, select the server object that defines the syslog server. If the required object does not already exist, click Create New Syslog Server and create it. (To disable logging to a syslog server, select Any from the server list.)

      Because event storage on the device is limited, sending events to an external syslog server provides longer-term storage and supports more thorough event analysis.

      If you have a subscription to Cisco Security Analytics and Logging, specify or create the syslog server using a Secure Event Connector's IP address and port. See Cisco Security Analytics and Logging for more information about this feature.

  • No Logging—Do not generate any events.
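The following added example is a simplified model of the behaviour Steps 7 and 8 describe; it is not Cisco code and does not reflect the FTD policy engine's internals. It assumes a connection that matches no SSL decryption rule (so the default action applies), models an access control policy as a plain callable, treats the syslog server name "Any" as "no forwarding", and uses constructed sample connections. It shows the ordering the text states: Block drops the connection before access control ever sees it, Do Not Decrypt hands the still-encrypted connection to access control, and end-of-connection logging produces one event in either case.

```python
"""Model of the SSL decryption default action and its logging options.

Assumptions (not from the product documentation):
  - the connection matched no SSL decryption rule, so the default applies;
  - the access control policy is modelled as a callable returning True/False;
  - a syslog server value of "Any" means events are not forwarded.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Connection:
    # Constructed sample fields for an encrypted connection
    src: str
    dst: str
    sni: str


@dataclass
class SslDefaultAction:
    action: str                   # "do_not_decrypt" or "block"
    logging: str                  # "end_of_connection" or "none"
    syslog_server: str = "Any"    # "Any" disables forwarding to syslog


@dataclass
class Verdict:
    ssl_action: str
    acp_evaluated: bool
    final: str                                    # "allowed" or "dropped"
    events: List[Dict] = field(default_factory=list)
    syslog: List[Tuple[str, Dict]] = field(default_factory=list)


def evaluate(conn: Connection,
             default: SslDefaultAction,
             acp_allow: Callable[[Connection], bool]) -> Verdict:
    """Apply the SSL decryption default action, then access control if reached."""
    if default.action == "block":
        # Dropped immediately; the access control policy is never consulted.
        verdict = Verdict(default.action, acp_evaluated=False, final="dropped")
    elif default.action == "do_not_decrypt":
        # Encrypted connection is passed on; access control decides.
        allowed = acp_allow(conn)
        verdict = Verdict(default.action, acp_evaluated=True,
                          final="allowed" if allowed else "dropped")
    else:
        raise ValueError(f"unknown default action: {default.action!r}")

    # Logging for the default action: one event at end of connection, or none.
    if default.logging == "end_of_connection":
        event = {"src": conn.src, "dst": conn.dst, "sni": conn.sni,
                 "ssl_action": verdict.ssl_action, "result": verdict.final}
        verdict.events.append(event)
        if default.syslog_server != "Any":
            verdict.syslog.append((default.syslog_server, event))
    elif default.logging != "none":
        raise ValueError(f"unknown logging option: {default.logging!r}")
    return verdict


def demo() -> Dict[str, Verdict]:
    """Run the two default actions against a constructed connection."""
    conn = Connection(src="10.1.1.5", dst="203.0.113.10", sni="example.test")
    # Access control model: allow everything except one destination (constructed).
    acp = lambda c: c.dst != "203.0.113.99"
    return {
        "block": evaluate(conn, SslDefaultAction("block", "end_of_connection",
                                                 "syslog-collector"), acp),
        "do_not_decrypt": evaluate(conn, SslDefaultAction("do_not_decrypt",
                                                          "end_of_connection"), acp),
        "no_logging": evaluate(conn, SslDefaultAction("block", "none"), acp),
    }


if __name__ == "__main__":
    for name, v in demo().items():
        print(name, v.final, "acp_evaluated=%s" % v.acp_evaluated,
              "events=%d" % len(v.events), "syslog=%d" % len(v.syslog))
```

The `no_logging` case in `demo()` is the one to watch in practice: with logging left at No Logging, a Block default action silently drops every unmatched encrypted connection and leaves no event behind, which is why the text stresses that logging must be enabled to capture events from SSL decryption policies.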

Step 9

Click Save.

Step 10

Review and deploy the changes you made now, or wait and deploy multiple changes at once.