• There are now two modes for SSL inspection: certificate inspection (certificate-inspection in the CLI), which only inspects the SSL handshake, and deep inspection (deep-inspection in the CLI), which enables full deep inspection of SSL traffic (this was previously the default mode for SSL inspection).

• The CLI command https-url-scan has been removed.

• deep-inspection-options has been renamed ssl-ssh-profile.

• The SSL inspect-all option and the https status option now have three states: disable, certificate-inspection, and deep-inspection. The status option for the other protocols now use deep-inspection instead of enabled.