I've encountered the same thing but the vast majority of sites work
fine. I'll whitelist sites like backup services, banking, or other sites
that use HSTS but after a few weeks and getting over the initial hump, I
rarely have to make edits.
Correct, it's very easy to downgrade. Go to System -> Firmware and
upload the 6.2.3 image, which will trigger a reboot. After the unit
comes back up, restore your 6.2.3, which will trigger another reboot and
that's it.
The 6.4 train has been very good. One of my customers has been running
6.4.8 on a pair of 1800F's for a few months and it's been solid.I also
have a 100F that has been stable since 7.0.5. I had severe issues with
7.0.2 and 7.0.3 and had to stay on 7....
They are called "Virtual Domains" or "VDOM's" in the FortiGate world.
You have to enable VDOM's with the
CLI:https://kb.fortinet.com/kb/viewContent.do?externalId=FD39611Most
FortiGate's support 10 VDOM's by default and the higher end platforms
can su...
I know expired services can end up blocking web access, although it's
inconsistent in my experience. I'm not sure what effect expired services
would have on traffic with a DNS Security Profile configured.