szuko
Explorer II
January 31, 2022
Question

Flow-based VS Proxy-mode


Hi guys, I'm pretty new to FortiGate and after watching more training I just get more confused.
Just for clarification, I have some questions: if our policy is flow-based, then IPS cannot act on encrypted traffic? So that's why we put it in proxy mode, to intercept the traffic and put the IPS + antivirus in between. Is this statement true or not? Thanks in advance.

1 reply

akristof
Staff
January 31, 2022

Hello,

 

Thank you for your question. No, even when you have flow-based inspection only, IPS and AV can match traffic based on signatures. The difference is that flow-based inspection inspects traffic packet by packet without any buffering, while proxy-based inspection is able to buffer the packets, inspect them and then block/permit etc. Because of this, proxy-based inspection can provide you more control over some features, plus some features are available only in proxy-based inspection.

https://docs.fortinet.com/document/fortigate/6.4.0/parallel-path-processing-life-of-a-packet/556494/utm-ngfw-packet-flow-flow-based-inspection

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/721410/about-inspection-modes