| The firewall intercepts the browser traffic
per the Authentication policy rule and impersonates the original destination
URL, issuing an HTTP 401 to invoke authentication. However, because
the firewall does not have the real certificate for the destination
URL, the browser displays a certificate error to users attempting
to access a secure site. Therefore, use this mode only when absolutely
necessary, such as in Layer 2 or virtual wire deployments. |