HTTP/3 inspection and how it works
In HTTP/3 inspection the Security Engine inspects the entire connection by decrypting the data sent by both client and server.
After inspection, it re-encrypts the data before forwarding it to the intended recipient. In order to do this, the Security Engine acts as a server to the actual client and as a client to the actual server. During the QUIC handshake the security engine sends a server certificate that is issued by the client protection Certificate Authority (CA) certificate to the client. This process is similar to the TLS inspection that is performed for TCP or TLS connections.
Note: The HTTP/3 inspection requires that a browser or other HTTP/3 client can be configured to trust the exported client protection CA certificate of the Security Engine as the root certificate
authority. This certificate is then used to issue the server certificate chain.