fjulianom
Explorer II
February 4, 2022
Question

About inspection modes on FortiGate


Hi community,

I know the inspection mode is how FortiGate scans the traffic in a firewall policy. Flow-based is like looking at the TCP flow or taking snapshots of the traffic, and in proxy-based mode FortiGate intercepts the traffic like a man-in-the-middle scenario. But why do I have to define flow-based or proxy-based mode in the firewall policy if after that I also have to define flow-based or proxy-based mode in a security profile, e.g. antivirus or web filtering? It is like I am configuring the same thing twice.

Regards,

Julián

1 reply

jangelis
Staff
February 4, 2022

Hello Julián,

Yes, it seems you must configure the profile twice, but the reason is that the features available in flow mode might be different from those available in proxy mode.

And after you select the mode of your choice, you should not be able to select the profiles for the other mode.

Regards,

Jakub

fjulianom
Explorer II
February 4, 2022

Hi,

I know the features are different, but it makes no sense to configure the same thing in different sections. In other words, what does “inspection mode proxy-based” mean? And what does “antivirus profile proxy-based” mean? And what’s the difference between them?

Regards,

Julian

jangelis
Staff
February 4, 2022

Hello,

I will try to put it in a different way.

Generally, when you are setting up a policy (a firewall rule), you have some expectation of what inspections should be there and what should be filtered.

Let's have an example that you want to use the Antivirus with CDR.

This is exclusive to proxy-mode.

So you set up the AV profile for use in proxy inspection mode with CDR turned on.

Then you create a policy for such traffic and you know you need to use the proxy inspection mode, in order to be able to use the configured AV profile.

You cannot use an AV profile in proxy in a policy that is configured in flow inspection mode and vice versa.

Regards,

Jakub
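
The pairing rule from the reply above can be checked against a configuration backup. The script below is an added example, not part of the thread or Fortinet's tooling: it reads `inspection-mode` from each firewall policy and `feature-set` from the antivirus profile it references, and reports pairs that differ. The sample config, the profile name `av-cdr` and the flow default for omitted settings are assumptions.

```python
# Constructed sample in FortiOS CLI syntax (not taken from the thread).
SAMPLE_CONFIG = """
config antivirus profile
    edit "av-cdr"
        set feature-set proxy
    next
end
config firewall policy
    edit 1
        set inspection-mode proxy
        set av-profile "av-cdr"
    next
    edit 2
        set inspection-mode flow
        set av-profile "av-cdr"
    next
end
"""

def parse_section(config, header):
    """Return {entry: {key: value}} for one top-level 'config <header>' block."""
    entries, current, active = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == f"config {header}":
            active = True
        elif not active:
            continue
        elif line == "end" and current is None:
            break  # end of the section we were asked for
        elif line.startswith("edit "):
            current = line[5:].strip('"')
            entries[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, value = line.split(None, 2)
            entries[current][key] = value.strip('"')
    return entries

def find_mismatches(config):
    """Policies whose inspection mode differs from their AV profile's feature set."""
    profiles = parse_section(config, "antivirus profile")
    found = []
    for pid, pol in parse_section(config, "firewall policy").items():
        if (name := pol.get("av-profile")) in profiles:
            # Assumption: an omitted setting means flow.
            pair = (pol.get("inspection-mode", "flow"), profiles[name].get("feature-set", "flow"))
            if pair[0] != pair[1]:
                found.append((pid, name) + pair)
    return found
```

On the sample, policy 2 is reported because it runs in flow mode while referencing the proxy-mode profile.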