Global option for proxy-based certificate queries
In some cases you may want to be able to send certificate queries using a FortiGate-7000E management interface instead of a data interface. FortiGate-7000E includes the following global command that you can use to enable or disable using a data interface or a system management interface for certificate queries for proxy-based firewall policies.
config global
config system global
set proxy-cert-use-mgmt-vdom {disable | enable}
end
This option is disabled by default and by default data interfaces are used to send certificate queries for proxy-based firewall policies. Enable this option to send certificate queries for proxy-based firewall policies through the mgmt-vdom VDOM using FortiGate-7000E management interfaces.