Allow only SSL compliant traffic
This option is only available for XTM devices that run Fireware XTM OS v11.8.1 or higher.
Select this option to enable your XTM device to only allow traffic that is compliant with these SSL protocols:
If you select the Enable deep inspection of HTTPS content check box on the Content Inspection page, this option is disabled.
When this option is not selected and content inspection is not enabled, the HTTPS-proxy allows any traffic over port 443 (the default port for the HTTPS-proxy). If this option is not selected and content inspection is not enabled, and you create a custom HTTPS-proxy that uses another TCP port for SSL traffic, the HTTPS-proxy allows all SSL traffic.
Configure these settings to specify how long the HTTPS-proxy waits for the web client to make a request from the external web server after it starts a TCP/IP connection, or after an earlier request for the same connection. If the time period exceeds this setting, the HTTPS-proxy closes the connection.
To enable this feature, select the Connection timeout check box. In the adjacent text box, type or select the number of minutes before the proxy times out.
Enable logging for reports
To create a traffic log message for each transaction, select this check box. This option increases the size of your log file, but this information is very important if your firewall is attacked. If you do not select this check box, you do not see detailed information about HTTPS-proxy connections in reports.
Override the diagnostic log level for proxy policies that use this proxy action
To specify the diagnostic log level for all proxy policies that use this proxy action, select this check box. Then, from the Diagnostic log level for this proxy action drop-down list, select a log level:
The log level you select overrides the diagnostic log level that is configured for all log messages of this proxy policy type.
For more information about the diagnostic log level, see Set the Diagnostic Log Level.