In SSL offload/sandwich mode, a decode device receives SSL connections and decrypts the traffic, then sends HTTP (non-SSL) traffic to the FortiGate for NGFW/UTM inspection. If the session needs to be blocked and a replacement message displayed, the FortiGate delivers the message directly back to the client over HTTPS.
The following CLI command has been added per VDOM:
config authentication setting
    set rewrite-https-port <port>
    ....
end
This example sets the HTTPS rewrite port to 8080:
config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set captive-portal-type fqdn
    set captive-portal ''
    set captive-portal6 ''
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831
    set rewrite-https-port 8080
end