After upgrading to FortiOS 7.2.6 or 7.4.1, if the 'ssl-mode' of the Virtual Servers configuration is set to 'full', the Virtual Servers may not work properly. Below is an example where Virtual Servers are configured with 'ssl-mode full':

config firewall vip
    edit <VIP_name>
       set uuid <ID_of_UUID>

       set type server-load-balance

       set server-type https

       set extip <IP_address>

       set extintf "any"

       set http-ip-header enable

       set monitor <Name_of_the_health_check_monitor>

       set color 9

       set ldb-method least-session

       set persistence http-cookie

       set extport 443

       config realservers
           edit 1
               set ip <IP_address>
               set port 443
           next
           edit 2
               set ip <IP_address>
               set port 443
           next
           edit 3
               set ip <IP_address>
               set port 443
           next
       end
       set http-multiplex enable
       set ssl-mode full
       set ssl-certificate <Certificate_name>

    next
end

In order to fix the issue, execute the following commands on the Virtual Servers which are not working properly:

config firewall vip
    edit <VIP_name>
       set server-type ssl

    next
end

After executing the above commands, the issue with Virtual Servers should not be present anymore.

The 'server-type' defines the protocol to be load balanced by the virtual server.

When 'server-type' is set as HTTPS, only the HTTPS sessions with the destination port number that matches the Virtual Server Port setting are load balanced.
When 'server-type' is set as SSL, only SSL sessions with the destination port number that matches the Virtual Server Port setting are load balanced.

More information can be found in the following documents:

• Config firewall VIP - FortiGate CLI reference
• Virtual Server - FortiGate cookbook