I have numerous clients that have rolled out the SSL portals/SSL VPNS and they are failing pentest's, compliance testing, cyber security insurance requirements.
While I understand Fortigate published this article.
The fact remains the devices are failing, verification. We are having to switch over to IPSEC. The developers need to take this matter more seriously.