FortiGate Firewall Web Filtering , File filtering, and Antivirus engine sequence

The FortiGate firewall has several layers of traffic filters and AV engine to protect your network. The sequence differs between firmware releases in order to introduce new feature or flexibility.

For example, on a FortiGate running release 3.0 MR5, and with all the filters and engine being enabled, filtering takes place in the following order:

• URL exempt list
• File block
• File oversize
• AV scan

This means:

• The exempt list takes effect first. If the traffic is in the exempt list, the firewall will let it pass.
• If the traffic is not in the exempt list, the file block list is checked. If it is in the block list, it will be blocked.
• If the traffic is not in the exempt list or in the file block list, the file size will be checked. If the file size exceeds the threshold and the FortiGate setting is "Block", the traffic will be blocked. If the FortiGate setting is "Pass", the firewall will let it pass.
• If the traffic is not in the exempt list, nor in the file block list, and is not beyond the file size threshold, it will be scanned for viruses.