Why to use Antivirus in proxy mode

Forum|Forum|4 years ago
July 19, 2021
2 replies
2536 views

Hi, I read the FirtiOS-7.0.0 administrator guide and find there are two scan mode for AntiVirus (flow mode and proxy mode).

It seems to be more secure with proxy mode. In proxy mode, are there more limitations than flow mode (e.g. memory requirement, disk space, max session limit) ? Thanks.

ESCHAN_FTNT

Staff

Hi AaronLiaotw

Proxy-mode is running on CPU while flow-based can be offloaded to NP.

brudy

New Member

If you scan your files proxy based, the file is buffered on the FortiGate, scanned and only sent to the PC, if it is clean.

If you scan flow based, FortiGate sends the file to the PC, creates a copy of the file and scans the copy. If a virus is found, FortiGate does not sent the last packet to the PC and they client will drop the file.

The only disadvantage you have with flow based scanning: If something goes extremely wrong, you theoretically could have an incomplete file on your PC which contains a virus.

With flow based you have hardware support to scan, use less resources on the FortiGate. With proxy based everything is done by the CPU.

Specially to scan HTTP(S) traffic, you want fast scanning. No reason to stay with proxy based.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded