Assuming this is a non-transparent web proxy then it would provide some
anonymity protection where the traffic session would be sourced from the
proxy itself. e.g. the destination would only see the web proxy IP
rather then your IP address. Although ...
FortiOS WCF also inspects SNI portion of a cert (actually from the
client hello) prior to inspecting the server CN cert portion. With this
is should address the web filtering of the actual destination the end
user is going to. see
https://kb.fortinet...