Separate virtual-server client and server TLS version and cipher configuration
In some cases, you may want the to use different versions of SSL or TLS on the client to FortiGate connection than on the FortiGate to server connection. For example, you may want to use the FortiGate to protect a legacy SSL 3.0 or TLS 1.0 server while making sure that client to FortiGate connections must always use the higher level of protection offered by TLS 1.1 or greater. Also, in some cases you might want to protect a server that only has weak ciphers (for example, DES or RC4) while making sure that all connections between the FortiGate and the client use a strong cipher for better protection.
The following options are available when configuring server load balancing for HTTPS sessions configured with the following command:
config firewall vip
edit server-name
set type server-load-balance
set server-type https
set ssl-mode full
...