RE: HTTP to HTTPS redirect
It sounds like the initial connection needs to be made over port 80 and connect to the server on port 443, not the reverse.
My knowledge usually only expands through training, helping others with their tickets, or when someone calls in because something is wrong (no one calls in when everything works!)
All that being said, a VIP used as a virtual server for a reverse proxy can be set with ssl-mode full or half.
Full encrypts both legs (client > FortiGate and FortiGate > server). Half encrypts the client > FortiGate portion. In both cases, unless I' m missing something, you still need the client to target port 443 on the FortiGate.
Please feel free to pile on if there are exceptions. The CLI reference for OS 5.0 details this under ' config firewall vip' on page 228.