SSL Offloading

When adding server-to-certificate pairs, a cleartext option is available. This option indicates that the portion of the TCP connection between the firewall and the local server will be in the clear without SSL layer, thus allowing SSL processing to be offloaded from the server by the appliance.

* 
NOTE: For such configuration to work properly, a NAT policy needs to be created on the Network > NAT Policies page to map traffic destined for the offload server from an SSL port to a non-SSL port. For example, in case of HTTPS traffic being used with SSL offloading, an inbound NAT policy remapping traffic from port 443 to port 80 needs to be created in order for things to work properly.