Case Scenario: I have a service from ISP as they are forwarding traffic to my corporate, but the IPs directed to my network is the ISP''s IPs. so I asked them to set x-forwarded (which mean to insert the source ip in the header instead of their ip), but they need to have ssl certificate of my corporate so they can decrypt the traffic and encrypt it again with the source ip of the original ip, not isp's IP address.
Required - Need to understand the security risk in this case, is there any risk, gif so what are they, what if there is an alternative option?