You have an explicit proxy and you want to forward HTTPS connections to an upstream server (not a proxy). You have configured the forwarding host with HTTPS (or TCP Tunnel) but when you try to connect, you get 503 Service unavailable error message.
One of the reasons why this happens is that you do not have 'detect protocol' enabled. Without this setting, the ProxySG does not know what service the CONNECT request is for, so it will simply forward the actual CONNECT request.
Web servers do not understand CONNECT requests, generally only proxies do. With detect protocol enabled, the SG can determine that this is going to be an SSL (specifically HTTPS) connection and can then initiate the upstream TCP and SSL handshakes, rather than sending the actual CONNECT request upstream.
In Wireshark you will see something like this on the client side connection:
Imported Document ID: 000015701
Subscribing will provide email updates when this Article is updated. Login is required.