I ran into the following problem when configuring a FortiGate firewall.
I created a general-purpose internet rule on the FortiGate, which looks like this:
Internal networks – to – Internet // protocols : tcp/80/443
Nowadays you want to verify whether a DNS zone is secure and verified correctly with DNSSEC. This is how you do it on a NetScaler, if you ever wondered :-).
Configuring server-side SNI support (needed for Microsoft ADFS)
FortiWeb supports server-side SNI (Server Name Indication). You use this feature when you have the following configuration requirements:
The operating mode is reverse proxy or true transparent proxy.
You offload SSL/TLS processing to FortiWeb and use SSL/TLS for connections between FortiWeb and the pool member (end-to-end encryption).
One or more server pool members require SNI support.