Description
This article describes how to change the inspection mode of the firewall. The FortiGate firewall can operate in two different modes: flow mode and proxy mode.
- Proxy-based: the proxy-based inspection involves buffering traffic and examining it as a whole before determining an action. The process of having the whole of the data to analyze allows for the examination of more data points than the flow-based.
- Flow-based: the flow-based inspection method examines the data packets as they pass through the FortiGate without any buffering. Each packet that arrives is processed and forwarded without waiting for the complete file or web page.
Scope
FortiGate.
Solution
V6.0:
From GUI:
To control the FortiGate's security profile inspection mode in FortiOS, select 'Flow-based' or 'Proxy-based' modes from System -> Settings.
From CLI:
Use the below command to change the inspection mode:
Use the below command to change the inspection mode:
config system settings
set inspection-mode <flow or proxy>
end
Use the below command to change the inspection mode when the VDOMs are enabled:
config vdom
edit <vdom>
config system settings
set ngfw-mode <policy-based | profile-based>
end
next
end
V6.2 to v7.0.x.
From GUI:
To control the FortiGate's security profile inspection mode per policy, select 'Flow-based' or 'Proxy-based' modes from IPv4 Policy -> Edit (a particular policy).
From the CLI:
Use the below command to change the inspection mode:
config firewall policy
edit # (ID of the policy)
set inspection-mode <flow or proxy>
end
V7.2.4+:
After upgrading Firmware 7.2.4, some devices cannot see inspection mode on GUI.
By default, the inspection mode of the new firewall policy is set to Flow Based. To have this option to be available in GUI, enter the following commands in CLI:
config system global
set proxy-and-explicit-proxy enable
end
config system settings
set gui-proxy-inspection enable
end
Also from CLI. Use the below command to change the inspection mode to proxy mode:
config firewall policy
edit <firewall policy ID>
set inspection-mode proxy
end
Once these changes are performed, the inspection mode in GUI will be shown:
This is an expected behavior, and this feature is placed for a reason.
It is possible to review this document for the new feature enhancement of v7.2.4:
Note:
When the firewall is running in NGFW policy-based mode, the operational mode is limited to 'flow', with no possible option to change to 'proxy'.
When the VDOMs are enabled on the firewall, there will not be any option available to change the firewall mode globally it has to be changed per VDOM.
Special Note:
Starting from v7.4.0, Proxy-related features are no longer supported in FortiOS. This change affects the FortiGate/FortiWiFi-40F, 60E, 60F, 80E, and 90E series devices, including their variants, as well as the FortiGate-Rugged 60F (2 GB versions only).
Related document:
