Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
Whether to block sessions if server's certificate is expired.
Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
Whether to block sessions if the revocation status check for server's certificate results in "unknown".
Whether to block sessions if SSL cipher suite is not supported.
Whether to block sessions if SSL version is not supported.
Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
Update Request for SSLForwardProxy used on the firewall policy rules.