...
Given the ease of availability of the Untangle NG Firewall, I used their SSL Inspector as an example. By default the Untangle SSL Inspector did not inspect traffic to https://badssl.com. As a result, I modified the default configuration of the SSL Inspector to inspect all HTTPS traffic. The other product tested is the Entensys UserGate UTM product, which also provides SSL inspection capabilities. Note that by default UserGate rule "Decrypt for all unknown users" does not select the "Block sites with invalid certificates" option, meaning that the client is allowed to connect to sites with invalid certificates.
...