Description
This article explains how to disable HTTPS replacement messages for explicit proxy traffic.
Solution
Disabling HTTPS replacement messages is helpful to avoid certificate errors when an HTTPS website is blocked by the FortiGuard Web filter/URL filter.
This setting is useful when SSL deep inspection is not used on the FortiGate unit to avoid certificate errors while accessing HTTPS websites.
Without SSL Deep scan, FortiGuard Web filter/URL filter can extract the hostname from the CN field in the certificate or the SNI extension in TLS extended client hello to rate the websites.
Note then when the replacement message is disabled, the user will not get any message on the browser when access to the website is blocked.
Configuration CLI:
config web-proxy explicit
set https-replacement-message disable
end