hgarara
Staff
Article Id 396083
Description This article explains the reason and resolution for a failed PCI DSS vulnerability scan where the scanner reports the error:
'Web server stopped responding to HTTP requests during scanning. Two minutes later, and found it responsive again'.
Scope FortiGate.
Solution

This issue is commonly encountered when performing external PCI scans (e.g., from Qualys or other vendors), usually against the FortiGate WAN interface.

The test fails with the result: 'The web server stopped responding to 4 consecutive HTTP requests 2 minutes ago. Although it resumed responding to a new HTTP request but the service had terminated further scanning of the web server to avoid interrupting the web server's normal functionality and a prolonged scanning time'.


  1. HTTPS Server Certificate Mismatch: When the FortiGate uses a self-signed Fortinet certificate for HTTPS administrative access, external scanners may not trust or correctly parse the SSL handshake. This causes the scan to temporarily fail or skip web-layer tests.


To resolve this:

  • Go to System -> Settings.

  • Under HTTPS server certificate, select a publicly trusted wildcard or domain certificate.

  • The CN (Common Name) or SAN (Subject Alternative Name) field in the certificate should match the FQDN or IP used in the PCI scan.


Example:

If the certificate CN is abc.example.com, ensure the scan is targeting https://abc.example.com and not a raw IP.
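As a pre-scan check for the certificate point above (an added example, not Fortinet's code): it judges whether the certificate presented on the FortiGate's HTTPS admin port actually names the scan target, applying the same wildcard and raw-IP rules a scanner does, and `check_live` performs that check against a running host with full chain validation. The function names and the sample certificate are assumptions for illustration.

```python
import ipaddress
import socket
import ssl


def _label_match(pattern, hostname):
    """Exact match, or a wildcard ('*.example.com') covering exactly one leftmost label."""
    p, h = pattern.lower(), hostname.lower()
    if p == h:
        return True
    if p.startswith("*.") and "*" not in p[2:]:
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return False


def cert_matches_target(cert, target):
    """Judge a cert (ssl.getpeercert() layout) against the scan target; returns (ok, reason)."""
    try:
        ipaddress.ip_address(target)
        is_ip = True
    except ValueError:
        is_ip = False
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    if is_ip:  # a raw IP passes only when the cert carries a matching IP SAN
        if target in [v for k, v in sans if k == "IP Address"]:
            return True, f"IP SAN covers {target}"
        return False, f"{target} is a raw IP; point the scan at the FQDN in the certificate"
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names = dns_names or cn  # like modern clients, consult CN only when no DNS SAN exists
    if any(_label_match(n, target) for n in names):
        return True, f"certificate names {names} cover {target}"
    return False, f"none of {names} matches {target}"


def check_live(target, port=443):
    """Connect as a scanner would: an untrusted (e.g. self-signed) cert fails the handshake."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((target, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=target) as tls:
                return cert_matches_target(tls.getpeercert(), target)
    except OSError as e:  # ssl.SSLError is a subclass of OSError
        return False, f"handshake or connection failed: {e}"


# Constructed sample in getpeercert() layout, mirroring the article's abc.example.com case
SAMPLE_CERT = {"subject": ((("commonName", "abc.example.com"),),),
               "subjectAltName": (("DNS", "abc.example.com"), ("DNS", "*.example.com"))}
```

Run `check_live("abc.example.com")` against the WAN address the scanner uses; a False result with a handshake error means the certificate is still not publicly trusted, and a False result naming a raw IP means the scan target itself needs to be the FQDN.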

  2. HTTPS Service Enabled on WAN Interface: In some setups, the FortiGate WAN interface may have the HTTPS service enabled for remote admin access. However, during PCI scans, this can result in unexpected behavior, causing the scan engine to abort tests prematurely.


To resolve this:

  • Go to Network -> Interfaces.

  • Edit the WAN interface on which the test is run.

  • Under Administrative Access, disable HTTPS.

Following these recommendations will help ensure the FortiGate passes exhaustive web-based PCI tests without interruption.