Not sure about the answer but I got curious. Do you really have a
connection that will stay idle for more than 217 days? I'm not sure if
any OS would support that.

You can configure your LAN with your public range, just keep in mind
that the WAN interface subnet must be different. It would be something
along the lines of:
Internet -- (173.x.y.z/30 - WAN if) -- FGT -- (173.a.b.c/29 LAN if)

You can activate SSL Inspection and only check the website CN (hence
preventing all the crazy certificate warnings that you're getting).
Here's how:
http://docs.fortinet.com/uploaded/files/1705/fortigate-https-webfiltering-without-ssl-deep-scan-50.pd...