SSL Full Proxy: You need to define the port number and respective routing instances.


1. Explicit: This processes the SSL/TLS traffic destined to a particular IP address and port. You must configure the clients with the proxy IP and the port.

2. Transparent: This processes the SSL/TLS traffic destined to any IP address but to a particular port.


SSL Forward Proxy decryption: This forwards all the proxy traffic to the third party after the handshake is done.

You must set up the certificates required to establish the firewall as a trusted third party to the session between the client and the server.

The firewall can use self-signed certificates or certificates signed by an enterprise certificate authority (CA) as forwarding trust certificates to authenticate the SSL session with the client.


When the client initiates an SSL/TLS handshake towards the server, the proxy applies the decryption policy to determine whether the traffic needs to be decrypted. If the policy action is to decrypt, it uses the matching SSL profile to initiate the SSL handshake towards the server, and it inspects the server certificate and the other SSL attributes from the SSL handshake stream. If the inspection is successful, it completes the SSL handshake with the server, generates a server certificate signed with the public key available in the SSL proxy profile, and resumes the SSL handshake towards the client.
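
The trust relationship this handshake depends on, sketched with the `openssl` command line as an added example (not from the original page or from any firewall vendor): a constructed CA stands in for the forwarding trust certificate, a certificate is issued under it for one server name, and a client accepts that certificate only when the CA is in its trust store. The CA names, the host `www.example.test`, the file layout and the lifetimes are all assumptions.

```shell
#!/bin/sh
# Added example; every name, path and lifetime below is constructed.
set -eu

# Create a self-signed CA that plays the forwarding trust certificate.
# $1 = output directory, $2 = CA common name
make_forward_trust_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue the certificate the proxy would present to the client.
# $1 = CA directory, $2 = server name seen in the inspected handshake
reissue_for_host() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -days 7 -extfile "$1/$2.ext" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# Does a trust store holding only CA file $1 accept certificate $2?
client_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the issuer line, the field that reveals who signed the certificate.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

demo() {
    d=$(mktemp -d)
    make_forward_trust_ca "$d/fw" "Example Forward Trust CA"
    make_forward_trust_ca "$d/other" "Unrelated CA"
    reissue_for_host "$d/fw" "www.example.test"
    issuer_of "$d/fw/www.example.test.crt"
    client_trusts "$d/fw/ca.crt" "$d/fw/www.example.test.crt" \
        && echo "client with the forwarding trust CA installed: accepted"
    client_trusts "$d/other/ca.crt" "$d/fw/www.example.test.crt" \
        || echo "client without it: certificate rejected"
    rm -rf "$d"
}

demo
```

The issuer line is also the quickest way for a client-side check to tell whether a session was decrypted by the proxy: it names the forwarding trust CA instead of the server's public CA.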