FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes the recommended configuration on the FortiGate for an HTTPS Virtual Server with deep inspection.
Scope FortiGate

1) Import the server certificate.

Go to System - > Certificates and select Create/Import - > Certificate


Import certificateImport certificate


2) Configure the Virtual Server.

Go to Policy & Objects - > Virtual Servers and select 'Create New'.


Virtual Server configurationVirtual Server configuration


Note: In SSL-offloading choose the imported certificate.


3) Configure the SSH/SSL profile

Go to Security Profiles - > SSL/SSH Inspection and select 'Create New'.


SSL/SSH profile configurationSSL/SSH profile configuration


Note: 'Inspect All Ports' should not be set as the port for this setup is already known and it may lead to a performance degradation.


4) Configure policy

Go to Policy & Objects - > Firewall Policy and select 'Create New'.


Policy configurationPolicy configuration


Note: Inspection mode must be set to proxy, otherwise the Virtual server will be filtered out in the 'Destination' field.


Related KB article:

Technical Tip: Configure virtual server