See the overview of Strengthening TLS/SSL Settings for information about weak protocols.
To restrict Access Gateway to communicate with back end web servers only using TLS 1.1 and TLS 1.2 protocols, click Devices > Access Gateways > Edit > Advanced Options and add the following configuration:
SSLProxyProtocol TLSv1.1 +TLSv1.2
While setting the protocol, ensure that the web server supports the configured protocol. For example, if Access Manager supports TLS1.1, but the web server does not support that, the connection will fail.
For more information about SSLProxyProtocol directives, see SSLProxyProtocol Directive documentation.