Acerca Fortiguard y SSL:
1. Full SSL inspection
When full SSL inspection is used, the FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. The FortiGate then re-encrypts the content, creates a new SSL session between the FortiGate and the recipient by impersonating the sender, and sends the content to the sender.
When the FortiGate re-encrypts the content it uses a certificate stored on the FortiGate. The client must trust this certificate to avoid certificate errors. Whether or not this trust exists depends on the client, which can be the computer’s OS, a browser, or some other application, which will likely maintain it’s own certificate repository.
2. SSL certificate inspection
FortiGates also supports a second type of SSL inspection, called SSL certificate inspection. When certificate inspection is used, the FortiGate only inspects the header information of the packets.
Certificate inspection is used to verify the identity of web servers and can be used to make sure that HTTPS protocol isn't used as a workaround to access sites you have blocked using web filtering.
The only security feature that can be applied using SSL certificate inspection mode is web filtering. However, since only the packet is inspected, this method does not introduce certificate errors and can be a useful alternative to full SSL inspection when web filtering is used.
Con otras palabras, digamos que Comcel opta por método numero 2, en este caso no se le examina el paquete, sino el encabezado del paquete.
Con este metodo pueden asegurar que nadie salta los bloqueos de paginas web usando SSL.
No puedo decir con certeza cual de los metodos esta usando Comcel, numero 1 puede generar errores de certificado así que probablemente es método 2.
Lo anterior es información directamente de la pagina de FortiGate.
Escorpiom.