You can configure your LAN with your public range, just keep in mind
that the WAN interface subnet must be different. It would be something
along the lines of:Internet -- (173.x.y.z/30 - WAN if) -- FGT -- (
173.a.b.c/29 LAN if)
You can activate SSL Inspection and only check the website CN (hence
preventing all the crazy certificate warnings that you're getting),
here's how:
http://docs.fortinet.com/uploaded/files/1705/fortigate-https-webfiltering-without-ssl-deep-scan-50.pd...
That's absolutely correct, I've read the question in a hurry and
pictured a different problem to solve :) Now since we already told him
that is was possible it would also be nice to show him how to accomplish
the initial goal. You can use this video ...
