Created on 05-13-2020 03:23 AM Edited on 12-11-2024 01:03 AM By Jean-Philippe_P
Description
This article describes how to change the inspection mode of the firewall. The FortiGate firewall can operate in two different modes: flow mode and proxy mode.
Solution
V6.0:
From GUI:
To control the FortiGate's security profile inspection mode in FortiOS, select 'Flow-based' or 'Proxy-based' modes from System -> Settings.
From CLI:
config system settings
set inspection-mode <flow or proxy>
end
Use the following commands to change the inspection mode when VDOMs are enabled:
config vdom
edit <vdom>
config system settings
set ngfw-mode <policy-based | profile-based>
end
next
end
V6.2 to v7.0.x:
From GUI:
To control the FortiGate's security profile inspection mode per policy, select 'Flow-based' or 'Proxy-based' modes from IPv4 Policy -> Edit (a particular policy).
By default, the inspection mode of a new firewall policy is set to Flow-based. To make this option available in the GUI, enter the following commands in the CLI:
config system global
set proxy-and-explicit-proxy enable
end
config system settings
set gui-proxy-inspection enable
end
From CLI:
Use the following commands to change the inspection mode to proxy mode:
config firewall policy
edit <firewall policy ID>
set inspection-mode proxy
end
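An added example (not part of the original article) for auditing the per-policy setting described above: this Python script reads a FortiOS v6.2+ configuration backup and reports each firewall policy's inspection mode. It assumes a backup without VDOMs in which default values are omitted, so a policy with no `set inspection-mode` line is counted as flow, per the default stated above; the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample: excerpt of a FortiOS v6.2+ configuration backup (not real data).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
        set av-profile "default"
    next
    edit 2
        set name "web-servers"
        set action accept
        set inspection-mode proxy
        set av-profile "default"
    next
end
config firewall address
    edit "all"
    next
end
"""

def policy_inspection_modes(config_text):
    """Return {policy_id: 'flow' | 'proxy'} for entries under 'config firewall policy'."""
    modes = {}
    depth = 0            # nesting depth of config ... end blocks
    in_policy = False    # True while inside the top-level firewall policy table
    current = None       # policy ID currently being edited
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config firewall policy":
                in_policy = True
        elif line == "end":
            if depth == 1:
                in_policy = False
            depth -= 1
        elif in_policy and depth == 1:
            edit = re.fullmatch(r"edit (\d+)", line)
            mode = re.fullmatch(r"set inspection-mode (flow|proxy)", line)
            if edit:
                current = int(edit.group(1))
                modes[current] = "flow"   # assumed default when the line is omitted
            elif line == "next":
                current = None
            elif mode and current is not None:
                modes[current] = mode.group(1)
    return modes
```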
This is expected behavior, and this feature is in place for a reason.
It is possible to review this document for the new feature enhancement of v7.2.4: