I try to use the load balancing module as a reverse proxy.
My goal is to protect the OWA of my exchange.
So. When i create a virtual server for HTTP (any port) from my external ip to any internal web server using HTTP (real server) and also creating the necessary ipv4 policy, it works fine.
But, when i try to create a virtual server for HTTPS (any port) or HTTP (any port) from my external ip to my exchange server using HTTPS (real server) and also creating the necessary ipv4 policy, it doesn't work.
I see you do SSL full inspection with Fortinet CA. There are few options depending on what you try to achieve:
1) stop SSL full inspection for this flow
2) install Fortinet CA on all computers
3) change Fortinet CA to your CA if you have local certificate authority
1. at the ipv4 policy either i have no ssl inspection or i have a profile with fortinet ca cert and ssl cert inspection, and at the virtual server conf either i have full offloading or client<-->fgt, i got the same result.
2. it is impossible to install the certificate to all computers because our mail users use the OWA from their homes also, so it is very difficult to install the cert there. But even if i tried to my laptop i couldn't access the server. Same response.
3. i don't have any other certificate except from the self-signed cert of the microsoft exchange server
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.