The data for Forward Proxy traffic is based on whether the TLS
handshake is successful or unsuccessful. For unsuccessful TLS handshakes,
the firewall sends error data for the leg of the transaction that
caused the error, either client-to-firewall or firewall-to-server.
For successful TLS handshakes, the data is from the leg that successfully
completes first, which is usually client-to-firewall.
By default, the firewall logs all unsuccessful
TLS handshake traffic. You can also log successful TLS handshake
traffic if you choose to do so. You can view up to 62 columns of
log information such as application, SNI, Decryption Policy Name,
error index, TLS version, key exchange version, encryption algorithm,
certificate key types, and many other characteristics: