FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nvisentin_FTNT
Article Id 190737
Description
When using load balancing with SSL Offloading in a Virtual Server configuration (i.e. the server-type is https), the Fortigate sends empty fragments by default.
Sending empty fragments is a technique used to avoid cipher-block chaining (CBC) plaintext attacks if the initiation vector (IV) is known.
Some older or buggy SSL implementations cannot properly handle empty fragments on the client side or the server side.
One of the side effects is that the client cannot upload large files to the Web Server through HTTPS.
Scope
FortiOS 4.0 and above
Solution
It is possible to disable empty fragments in the Virtual Server configuration with the following CLI parameter :

config firewall vip 
edit "your_HTTPS_VirtualServer"
set ssl-send-empty-frags disable
end

Contributors