I agree, but if I'm not mistaken you can't inspect SSL/encrypted traffic without deep packet inspection enabled. You will need a valid cert from your CA Server or push the Self-signed cert to all your clients via GPO or something.
" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
The only way for DLP to be applied to HTTPS traffic is to use full SSL inspection, as is done in the deep-inspection profile. We have a recipe on the Fortinet Cookbook about preventing certificate warnings that could help you out once you do use it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.