What does the 'block' option do regarding invalid certificates noted in FortiGate?

The 'block' option in the context of invalid certificates within FortiGate is designed to enhance network security by terminating the connection. When a certificate is deemed invalid, it signifies that the authentication of the device or service is unreliable; this could be due to reasons such as the certificate being expired, self-signed, or not issued by a trusted certificate authority.

By terminating the connection, FortiGate prevents any further interactions that could expose the network to potential security threats. This proactive measure helps protect users from connecting to malicious or compromised sites that could lead to data breaches or other security incidents. Implementing such a strict approach underscores the importance of maintaining integrity and trust in secure communications.

In contrast, options that suggest prompting for a decision, allowing the connection, or taking the certificate as trusted would introduce unnecessary risks and could lead to exposure to malicious entities.