Re: Fortigate vulnerability
I know that this thread is old, but I just had the same issue in version 6.2.3.
The issue is that the scanner is expecting that the SSL Cert is protecting a web server. And that the web server should/could add in the x-headers that the scanner is expecting back.
But SSLVPN is not a webserver, and has no ability to send those x-headers.
The solution was to contact the scanning vendor (Qualys in my case), and let them know the situation. They understood immediately what I was describing, and created a case to get an exception added to that site. Once that was done, the scan passed without issue.