Best Of
Re: Botnet Detection is blocking Facebook today - 8/12/25
I'm seeing static.xx.fbcdn.net (31.13.66.19) being blocked by botnet.
Adding an exception fixed this for me.
Re: Windows update and VPN
Hi
Windows sometimes unregisters SSLVPN's TAP driver. This can be caused by other applications trying to use that same TAP driver or by updates to your network drivers via Windows update.
If you'd like to use Windows' built-in VPN client, we support that via IKEv2 and L2TP. We generally recommend IKEv2 for Windows 10 and 11. L2TP is usually used with legacy versions of Windows and other devices that don't support IKEv2.
See:
(Mobile VPN with IKEv2)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_about_c.html
Thanks for your answer. This is what I'm looking for.
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
I think your problem is not the HTTPS-Proxy action, but the HTTP-Proxy action you are using to do the inspection.
In the HTTPS-Proxy action, you configure what websites are going to be inspected and what websites are not inspected.
In the HTTP-Proxy action, you then configure what kind of inspecting is done to the websites.
You are probably using an old HTTP-Proxy action that has many outdated configurations that aren’t really working anymore with modern websites.
Nowadays, many modern websites use custom HTTP “X-” headers, and if these custom headers are stripped, these websites aren’t working correctly anymore.
I would increase the “Set the maximum URL path length to” 16384 from the default 4096 value, both in HTTP Request and HTTP Response General Settings.
Security is achieved with the UTM security services, not by denying some HTTP headers.
The idea is more to use the Firebox device's UTM security services to protect your networks and users from attacks and harmful data.
Proxy actions are powerful tools and better suited to, for example, controlling some web traffic by denying *.exe file downloads or denying, for example, online media content by denying HTTP headers, etc.
For normal daily web browsing, I would use the default “open” HTTP-Client.Standard action + UTM Security services!
Check the following video, where I show my new best-practice HTTP Proxy action that is based on the WG Cloud Managed Firebox proxy action plus a couple of settings that I have enabled.
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Did you install the firewall certificate on your PCs?
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
What do you see in Traffic Monitor when you try one of these accesses?
Seems like something is being stripped or denied
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Hi @MoSeSe
What does the browser say when portions of the page are not loading properly? Do you see any certificate warnings (either in the address bar, or in developer mode via the network tab)?
The instructions to generate a HAR file will get you in developer mode so you can see more errors:
(Generate a HAR file)
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000WOm9SAG&lang=en_US
If you haven't done so I'd suggest opening a support case.
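The HAR capture suggested above can be summarised offline to see which hosts fail and how. The following is an added example, not part of the original post and not WatchGuard code; it assumes a Chrome-style HAR 1.2 export (where failed requests carry status 0 and a `_error` string), and the sample entries and host names are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 layout; hosts and values are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.example.test/"},
     "response": {"status": 200}},
    {"request": {"url": "https://stream.example.test/live.m3u8"},
     "response": {"status": 0, "_error": "net::ERR_CERT_AUTHORITY_INVALID"}},
    {"request": {"url": "https://stream.example.test/seg1.ts"},
     "response": {"status": 0, "_error": "net::ERR_CERT_AUTHORITY_INVALID"}},
    {"request": {"url": "https://speed.example.test/upload"},
     "response": {"status": 0, "_error": "net::ERR_CONNECTION_RESET"}},
    {"request": {"url": "https://cdn.example.test/player.js"},
     "response": {"status": 403}},
]}})


def classify(response):
    """Return a failure label for one HAR response object, or None if it looks fine."""
    error = response.get("_error") or ""   # Chrome-specific field (assumption), may be absent
    status = response.get("status", 0)
    if "CERT" in error:
        return "certificate"               # e.g. proxy CA certificate not trusted by the client
    if error or status == 0:
        return "connection"                # reset, timeout or dropped before any reply
    if status >= 400:
        return "http-%d" % status          # deny page or upstream error
    return None


def failures_by_host(har_text):
    """Map host -> {label: count} for every failed entry in the HAR."""
    result = defaultdict(lambda: defaultdict(int))
    for entry in json.loads(har_text)["log"]["entries"]:
        label = classify(entry.get("response", {}))
        if label:
            host = urlsplit(entry["request"]["url"]).hostname or "?"
            result[host][label] += 1
    return {host: dict(labels) for host, labels in result.items()}


if __name__ == "__main__":
    for host, labels in sorted(failures_by_host(SAMPLE_HAR).items()):
        print(host, labels)
```

The hosts it reports are the ones to look up in Traffic Monitor.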
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
@MoSeSe when you enabled the inspect mode in the HTTPS-proxy, what (HTTP) Proxy Action did you choose?
The default HTTP-Client.Standard, HTTP-Client or your own customer action?
Please try to change to the default HTTP-Client.Standard action…
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Please check the following HTTPS-Proxy & content inspection config video I made a couple of years ago for some of our WG customers…
https://app.screencast.com/1HYxSGyJD1mm1
In the HTTP-Proxy settings, you configure what checks the firewall performs on web browsing traffic (HTTP and HTTPS).
In the HTTPS-Proxy settings, you configure which HTTPS websites are checked and which HTTPS connections are not checked.
The HTTPS-Proxy policy can be used in two ways.
Without the content inspection feature, the only UTM feature that can be used is WebBlocker.
With content inspection enabled, now all the UTM features can be used to inspect HTTPS traffic.
00:00 – 07:25
Adding a HTTP-Proxy policy and configuring UTM settings in the HTTP-Proxy.
Adding a HTTPS-Proxy policy without content inspection and a WebBlocker config.
Browsing from a Windows workstation to veikkaus.fi (gambling site) that is blocked, the user does not see any WebBlocker block message.
Browsing to some other websites and showing how to check the HTTPS site's certificate details.
07:30 – 09:15
Enabling content inspection settings in the HTTPS-Proxy policy.
Browsing from a Windows workstation now shows a certificate error and prevents browsing.
09:20 – 11:10
Firebox HTTPS-Proxy Authority certificate import to the Windows workstation.
Browsing from the Windows workstation to veikkaus.fi (gambling site) that is again blocked, but now the user sees the WebBlocker block message.
11:15 – 12:35
Bypassing content inspection of OP.fi (bank) website in the HTTPS-Proxy policy under Domain Name settings.
Browsing from the Windows workstation to the OP.fi (bank) site that is bypassing the content inspection.
The site's certificate is now displayed with the bank's own certificate info.
12:36 – 15:49
Change the Content Inspection to use WebBlocker category in HTTPS-Proxy policy. (recommended way to configure content inspection in the HTTPS-Proxy)
Bypassing bank websites in WebBlocker categories in HTTPS-Proxy.
All bank websites are now bypassing the content inspection and are using the bank's own certificates.
Other websites are inspected and are using the Fireware HTTPS Proxy certificate.
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Hi @MoSeSe
I would suggest opening a support case.
Re: BOVPN VIF from cloud managed to locally managed firebox
Hi @james.carson, thank you for the reply. I checked the settings again and found that my locally managed firebox had the "another firebox" setting instead of "Cloud managed or third-party" in the VIF interface. Now the VIF is up and running!
Meanwhile, I am now getting this error:
Deny 192.168.21.11 XXX.XXX.XXX.139 33450/udp 47173 33450 VIF Firebox ip spoofing sites 40 5 (Internal Policy)
where 192.168.21.11 is IP from local managed FB and XXX.XXX.XXX.139 is a site I am trying to reach via VIF and cloud managed one.