Technical Tip: Processing Order of UTM Profiles in FortiGate Firewall Policies
Description
This article describes the order of processing UTM profiles configured in firewall policies.
Scope
FortiGate.
Solution
FortiGate applies the inspection profiles in the following order:
- IPS.
- Application Control.
- VoIP.
- DLP.
- Antispam.
- Web Filtering.
- Antivirus.
If the policy inspection mode is flow-based, the IPS engine is responsible for processing the traffic in the following order:
IPS -> Application Control -> Web Filtering -> DLP -> Botnet checking -> AntiVirus.
If the inspection mode is proxy-based, the IPS engine performs IPS, Application Control, and Botnet checking; the rest of the profiles will be handled by a proxy.
Note: Exempting a URL in the web filter causes it to bypass antivirus scanning by default.
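The note above can be checked offline against a configuration backup. The following is an added example, not code from the original article or from Fortinet: it lists firewall policies that carry both a web filter and an antivirus profile and whose URL filter table contains exempt entries. The function names and the sample configuration are constructed for illustration, and the check does not read any per-entry exemption scope, so the results are candidates for review.

```python
# Constructed sample in FortiOS CLI backup syntax (not taken from a real device).
SAMPLE = """config webfilter urlfilter
    edit 1
        config entries
            edit 1
                set url "updates.example.com"
                set action exempt
            next
        end
    next
end
config webfilter profile
    edit "wf-office"
        config web
            set urlfilter-table 1
        end
    next
end
config firewall policy
    edit 10
        set av-profile "av-default"
        set webfilter-profile "wf-office"
    next
end"""

def parse_fortios(text):
    """Parse config/edit/set/next/end nesting into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = line.split() or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]).strip('"'), {}))
        elif tok[0] == "set" and len(tok) > 2:
            stack[-1][tok[1]] = " ".join(tok[2:]).strip('"')
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def av_bypass_candidates(text):
    """Return (policy id, exempt URL) pairs for policies with web filter and AV."""
    cfg, found = parse_fortios(text), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        wf = cfg.get("webfilter profile", {}).get(pol.get("webfilter-profile"), {})
        table = wf.get("web", {}).get("urlfilter-table")
        entries = cfg.get("webfilter urlfilter", {}).get(table, {}).get("entries", {})
        if "av-profile" in pol:  # only policies where AV scanning is expected
            found += [(pid, e.get("url")) for e in entries.values()
                      if e.get("action") == "exempt"]
    return found
```

Calling `av_bypass_candidates()` on the text of a backup returns one pair per exempt URL reachable from a policy that also has an antivirus profile.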
For a detailed explanation of the packet processing, see Parallel Path Processing.
Note: From 7.6.3, FortiGate models with 2 GB of RAM or less no longer support FortiOS proxy-related features. UTM profiles with proxy-based inspection mode were also removed. See "Proxy-related features not supported on FortiGate 2 GB RAM models" in the FortiGate / FortiOS 7.6.3 documentation (Fortinet Document Library).
