Paul_S
Contributor

SSL Inspection/Load Balancing causes android sync issues

FGT200B 5.2.2


I enabled my first SSL deep inspection for inbound SSL traffic. I set up a VIP (see config below). I am protecting Exchange 2010 OWA (aka webmail).


Since enabling this SSL protection, most Android clients still connect, but a small percentage of them stop syncing email after about 12 to 24 hours. If they reboot their phone the issue is resolved for 12 to 24 hours. When syncing stops, the Android native email client shows a security warning and says there is a problem with the certificate. The Android log files show a common SSL error:


IOException javax.net.ssl.SSLPeerUnverifiedException: No peer certificate


Samsung S4, Android 4.4.2 and 5.0.1 - not working

Android 4.4.4 - no issues


I wish I knew what was wrong. :(


    edit "Webmail_HTTPS"
        set comment "SSL for Webmail"
        set type server-load-balance
        set extip x.x.x.150
        set extintf "any"
        set server-type https
        set http-ip-header enable
        set monitor "Ping-Mon"
        set ldb-method first-alive
        set extport 443
        config realservers
            edit 1
                set ip x.x.x.149
                set port 443
                set max-connections 9000
            next
        end
        set ssl-mode full
        set ssl-certificate "webmail_exp2018"
        set ssl-min-version tls-1.0
        set ssl-client-renegotiation secure
    next

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

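As an added example (not code from the post or from Fortinet), the following Python parses the FortiOS CLI block above into nested dictionaries and then audits the settings a defender would look at first. With ssl-mode full the FortiGate terminates the client's TLS session and re-encrypts to the real server, so the chain behind ssl-certificate is what every client (the phones included) validates, and ssl-min-version tls-1.0 admits protocol versions below TLS 1.2. The TLS_ORDER list, the finding texts and the function names are my own assumptions; the audit reports configuration hygiene, it does not diagnose the Android symptom described in the post.

```python
"""Parse a FortiGate CLI VIP block and audit its TLS settings."""
import shlex

# The VIP from the post, re-indented by hand (constructed sample input).
VIP_CONFIG = """\
edit "Webmail_HTTPS"
    set comment "SSL for Webmail"
    set type server-load-balance
    set extip x.x.x.150
    set extintf "any"
    set server-type https
    set http-ip-header enable
    set monitor "Ping-Mon"
    set ldb-method first-alive
    set extport 443
    config realservers
        edit 1
            set ip x.x.x.149
            set port 443
            set max-connections 9000
        next
    end
    set ssl-mode full
    set ssl-certificate "webmail_exp2018"
    set ssl-min-version tls-1.0
    set ssl-client-renegotiation secure
next
"""

# Protocol names as FortiOS spells them, oldest first (assumed ordering list).
TLS_ORDER = ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "tls-1.3"]


def parse_fortios(text):
    """Return nested dicts for a FortiOS CLI fragment.

    'edit NAME' and 'config NAME' open a scope, 'next' and 'end' close it,
    'set KEY VALUE...' stores one string (single value) or a list (several).
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # honours the quoted values
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("edit", "config"):
            scope = {}
            stack[-1][" ".join(args)] = scope
            stack.append(scope)
        elif keyword in ("next", "end"):
            if len(stack) > 1:
                stack.pop()
        elif keyword == "set" and args:
            stack[-1][args[0]] = args[1] if len(args) == 2 else args[1:]
    return root


def audit_vip(vip):
    """Return a list of finding strings for one server-load-balance VIP."""
    findings = []
    if vip.get("type") != "server-load-balance":
        return findings
    mode = vip.get("ssl-mode")
    if mode in ("half", "full"):
        # Client-side TLS is terminated on the FortiGate in both modes, so the
        # chain behind ssl-certificate is the one clients must be able to build.
        findings.append(
            f"client TLS terminated on FortiGate with certificate "
            f"{vip.get('ssl-certificate')}; confirm the full chain is installed"
        )
        minver = vip.get("ssl-min-version")
        if minver in TLS_ORDER and TLS_ORDER.index(minver) < TLS_ORDER.index("tls-1.2"):
            findings.append(f"ssl-min-version {minver} allows protocol versions below TLS 1.2")
        if vip.get("ssl-client-renegotiation") not in ("secure", "deny"):
            findings.append("ssl-client-renegotiation permits insecure client renegotiation")
    return findings


if __name__ == "__main__":
    config = parse_fortios(VIP_CONFIG)
    for name, vip in config.items():
        print(name)
        for finding in audit_vip(vip):
            print("  -", finding)
```

Run it as-is to audit the block from the post; paste any other `config firewall vip` entry into VIP_CONFIG to audit that instead. The parser is deliberately generic (scopes are keyed by the words after edit/config), so nested tables such as realservers come out as dictionaries keyed by their edit index.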
Paul_S
Contributor

FYI, upgrading to 5.2.3 appears to fix this issue, even though it created a new issue with IE11 + TLS1.2 not working with SSL load balancing. That should be fixed in 5.2.4. *sigh*
