Skip to main content
sebastan_bach
sebastan_bach
New Member
July 3, 2016
Question

DLP in Proxy mode or Flow Mode

  • July 3, 2016
  • 1 reply
  • 5966 views

Hi,

 

I have found confusing statements in the documentation. some part of the documentation mention that DLP is a proxy based security profile and other place I found it mentioning that DLP can operate in Flow mode.

 

If it can operate in both the modes are there any specific reason for operating the DLP profile in either of the modes.

 

Kindly please let me know.

 

Regards

 

Sebastan

1 reply

michaelbazy_FTNT
Staff
michaelbazy_FTNT
Staff
September 6, 2016

Hi Sebastan,

 

I think the answer lies here:

"IPS and Application Control are only applied using flow-based inspection. Web Filtering, DLP and Antivirus can also be applied using proxy-based inspection." (cf FortiOS HandBook).

From what I could see in the docs, the DLP engine itself doesn't scan the traffic. The engine communicates with the processes in charge of the scan, and "ask" the process if it can find the specific pattern.

 

I suppose that the next question could be "how do I know if it's the proxy or the IPS engine that does the scan?"

 

Well for that, I suppose that the only way would be through testing (which I can't do right now).

 

Let me know if it helps, though.

 

Thanks in advance and regards,

 

Michael

Terms & ConditionsAccessibility statement