IMPORTANT NOTE : Never set both checkboxes "Forward Trust Certificate" and "Forward Untrust Certificate" in the same certificate, and do not have the "Forward Untrust Certificate" deployed under a trusted certificate chain. If you do this, it will cause the firewall to present client devices with a CA certificate they trust, even when they connect to websites or applications that are presenting with invalid certificates to the firewall.
My SSL inspection cert is selected forward trust, forward untrust, and trusted root CA...
I am using an MS CA setup.
... View more