Skip to main content
AEK
SuperUser
AEK
SuperUser
December 24, 2024
Question

Using IPS in FGT for FML and FWB traffic

  • December 24, 2024
  • 3 replies
  • 1024 views

Hi security admins

Usually when I integrate FML or FWB, I don't use IPS profile (or any other security profile) in the FGT firewall rule that forwards SMTP traffic to FML and HTTPS traffic to FWB.

In my understanding, using security profiles at FGT level is probably useless since it will add more unnecessary load to my FGT, while FML & FWB should do the job much better than FGT.

I'm I right?

Does IPS profile (with deep inspection) at FGT level actually adds any additional layer of security that FML & FWB doesn't have?

What does Fortinet, other constructors and other security experts recommend here?

 

    3 replies

    kaman
    Staff
    kaman
    Staff
    December 24, 2024

    Hi AEK,

    When integrating FortiMail (FML) or FortiWeb (FWB) with your FortiGate (FGT) firewall, it is common practice not to use the IPS profile or any other security profiles in the FGT firewall rule that forwards SMTP traffic to FML and HTTPS traffic to FWB. This is because FML and FWB are specialized devices designed to handle email and web traffic security more efficiently.

    Using security profiles at the FGT level can indeed add unnecessary load to your FGT, as FML and FWB are optimized for handling specific types of traffic.

    However, the IPS profile with deep inspection at the FGT level does provide an additional layer of security that FML and FWB may not have. The IPS profile can detect and prevent network threats that may not be covered by the security features of FML and FWB.

    As usual, the IPS engine handles flow-based inspection process. The WAD process handles the proxy one.

    This means using multiple layers of security controls to protect your network. While FML and FWB are specialized for email and web security, adding the IPS profile at the FGT level can enhance overall security posture by providing additional threat detection and prevention capabilities.

    In summary, while it is common not to use security profiles at the FGT level when forwarding traffic to specialized security devices like FML and FWB, adding the IPS profile can provide an extra layer of security and is recommended for a comprehensive security strategy.


    https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/122078/deep-inspection

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-UTM-Security-Profiles-precedence-order-of/ta-p/359844

    Regards,
    Aman

      ByteHaven
      ByteHaven
      Explorer III
      December 24, 2024

      Hello AEK,

       

      I agree that introducing additional security profiles for traffic forwarded to FML and FWB could affect performance, as these devices are designed to handle the inspection.

      Whether to implement this dual inspection depends on the organization's preferences and policies. For environments with low network traffic and high performance firewalls, adding an IPS profile can be an effective combination, but that's just my opinion.

       

      Best regards,

       

        AEK
        SuperUser
        AEKAuthor
        SuperUser
        December 24, 2024

        Thanks to both. It's more clear now.

        AEK
        Terms & ConditionsAccessibility statement