Oscar_Wee
Staff
April 11, 2025

Troubleshooting Tip: How to use a workaround for 'cannot access some https websites' after upgrade to v7.2.11

Description: This article describes how to use a workaround for 'cannot access some https websites' after upgrading to v7.2.11.

Scope: FortiGate v7.2.11.

Solution:

After the upgrade to v7.2.11, the user cannot access some HTTPS websites that were accessible before the upgrade.


This could be due to a change introduced in v7.2.11; see 'Changes in default behavior'.

 

Workaround:
Since the change only affects firewall policies that use flow mode inspection, change the firewall policy to proxy mode inspection so that users can access HTTPS websites as they did before upgrading to v7.2.11.

Note:

  • Starting from FortiOS v7.6.0, the default firewall action is set to 'allow', and the 'cert-probe-failure' option for SSL inspection profiles is no longer available on specific models such as the 40F, 41F, 60F, and 61F, because proxy-related features were removed starting in v7.4.4.
  • Configuring SSL-SSH inspection profiles involves commands such as 'config firewall ssl-ssh-profile', 'edit', and 'config https'. From v7.2.4+ and v7.4.0+, 'cert-probe-failure allow' can be set for custom deep SSL inspection profiles, provided that 'inspect all ports' is disabled.
  • Before versions such as v7.4.5, v7.2.11, and v7.6.1, switching from proxy-based to flow-based inspection could bypass SSL anomalies because certificate inspection was not enforced in flow mode. Starting with these versions, certificate inspection is enforced in flow mode, which may impact SSL traffic handling and troubleshooting.
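
To see which policies the workaround above applies to, the following added example (not part of the original article and not Fortinet code) parses saved `show firewall policy` output and lists the accept policies still in flow mode. The sample configuration, policy names, and function names are constructed, and it assumes a policy with no `set inspection-mode` line is in flow mode because `show` omits default values.

```python
import re

# Constructed sample in the style of `show firewall policy` output.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
        set ssl-ssh-profile "certificate-inspection"
    next
    edit 2
        set name "servers-out"
        set action accept
        set inspection-mode proxy
        set ssl-ssh-profile "custom-deep-inspection"
    next
    edit 3
        set name "guest"
        set action accept
        set inspection-mode flow
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {setting: value}} from the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif line == "next":
            current = None          # end of one policy entry
        elif line == "end" and current is None:
            in_block = False        # end of the policy table itself
        elif current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def flow_mode_policies(policies):
    # Assumption: a missing inspection-mode line means the default, flow mode.
    return sorted((pid, p.get("name", ""), p.get("ssl-ssh-profile", ""))
                  for pid, p in policies.items()
                  if p.get("action") == "accept" and p.get("inspection-mode", "flow") == "flow")

for pid, name, profile in flow_mode_policies(parse_policies(SAMPLE_CONFIG)):
    print(f"policy {pid} ({name}): flow mode, ssl-ssh-profile={profile or 'not set'}")
```
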