I have a firewall with URL filtering enabled. SSL is also enable for this filtering. When client try to communicate with google.com (example), first it get IP of google from DNS and then start TCP 3 way handshake process. All communication go through firewall and client-server establish TCP connection. Now they start SSL handshake and establish that also. But when I check certificate detail after opening google page, it shows my firewall certificate. How does this happen.
As I know first TCP session does establish and then SSL. If TCP session does establish direst with google server then how does firewall certificate come in picture because SSL should also get establish with google server. How this all happen. Even I checked on wireshark also. i saw there that First TCP build with server and then TLS with same server IP. But certificate in browser was from my firewall. If TCP and SSL connection is with actual server IP only then how firewall certificate come in between.