Enable SNI on a FortiWeb for back-end servers in an ADFS configuration
- Angelo Schalley
- Jul, 21, 2017
- adfs/saml, Fortigate/Fortinet, FortiWeb, Networking, security
Configuring server-side SNI support (needed for Microsoft ADFS)
FortiWeb supports server-side SNI (Server Name Indication). You use this feature when you have the following configuration requirements:
- The operating mode is reverse proxy or true transparent proxy.
- You offload SSL/TLS processing to FortiWeb and use SSL/TLS for connections between FortiWeb and the pool member (end-to-end encryption).
- One or more server pool members require SNI support.
In true transparent proxy mode, use the following CLI command to enable server-side SNI for the appropriate pool member:
    config server-policy server-pool
      edit <server-pool_name>
        config pserver-list
          edit <entry_index>
            set server-side-sni {enable | disable}
          next
        end
      next
    end
In reverse proxy mode, use the following CLI command to enable server-side SNI in the appropriate server policy:
    config server-policy policy
      edit <policy_name>
        set server-side-sni {enable | disable}
      next
    end
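To confirm where the setting is actually applied, the following added example (not from the original post or from Fortinet) audits a FortiWeb configuration in CLI text form and reports the server-side-sni value for every pool member and server policy, using the two CLI paths shown above. The sample configuration, the pool and policy names, and the assumption that you have the configuration available as CLI text are constructed for illustration; an entry that never sets the option is reported as unset rather than assuming a default.

```python
# Constructed sample in the page's CLI syntax; pool/policy names and indexes are made up.
SAMPLE_CONFIG = """\
config server-policy server-pool
  edit "adfs-pool"
    config pserver-list
      edit 1
        set server-side-sni enable
      next
      edit 2
      next
    end
  next
end
config server-policy policy
  edit "adfs-policy"
    set server-side-sni disable
  next
end
"""

def _in_sni_scope(names):
    # The two places the page sets server-side-sni: pool members and server policies.
    pool_member = (len(names) == 4 and names[0] == "server-policy server-pool"
                   and names[2] == "pserver-list")
    policy = len(names) == 2 and names[0] == "server-policy policy"
    return pool_member or policy

def audit_server_side_sni(text):
    """Map each pool member / policy path to 'enable', 'disable' or 'unset'."""
    frames, found = [], {}          # frames: currently open (kind, name) blocks
    # Split every line into words and skip blank lines.
    for words in filter(None, map(str.split, text.splitlines())):
        path = " / ".join(name for _, name in frames)
        if words[0] in ("config", "edit") and len(words) > 1:
            if words[0] == "edit" and frames and frames[-1][0] == "edit":
                frames.pop()        # tolerate a missing "next"
            frames.append((words[0], " ".join(words[1:]).strip('"')))
            names = [name for _, name in frames]
            if words[0] == "edit" and _in_sni_scope(names):
                found[" / ".join(names)] = "unset"
        elif words[0] == "next" and frames and frames[-1][0] == "edit":
            frames.pop()
        elif words[0] == "end":
            while frames and frames.pop()[0] != "config":
                pass                # close any open edit, then the config itself
        elif words[:2] == ["set", "server-side-sni"] and len(words) == 3 and path in found:
            found[path] = words[2]
    return found
```

Calling `audit_server_side_sni(SAMPLE_CONFIG)` returns one entry per pool member and policy; compare the result against the operating mode in use, since the page applies the pool-member setting in true transparent proxy mode and the policy setting in reverse proxy mode.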