Created on 05-13-2020 03:23 AM
Edited on 01-22-2025 03:43 AM
By Jean-Philippe_P
Description
This article describes how to change the inspection mode of the firewall. The FortiGate firewall can operate in two different modes: flow mode and proxy mode.
- Proxy-based: the proxy-based inspection method buffers traffic and examines it as a whole before determining an action. Having the whole of the data available for analysis allows more data points to be examined than with flow-based inspection.
- Flow-based: the flow-based inspection method examines the data packets as they pass through the FortiGate without any buffering. Each packet that arrives is processed and forwarded without waiting for the complete file or web page.
Solution
V6.0:
From GUI:
To control the FortiGate's security profile inspection mode in FortiOS, select 'Flow-based' or 'Proxy-based' modes from System -> Settings.

Use the below command to change the inspection mode:
config system settings
set inspection-mode <flow or proxy>
end
Use the below command to change the inspection mode when the VDOMs are enabled:
config vdom
edit <vdom>
config system settings
set ngfw-mode <policy-based | profile-based>
end
next
end
V6.2 to v7.0.x:
From GUI:
To control the FortiGate's security profile inspection mode per policy, select 'Flow-based' or 'Proxy-based' modes from IPv4 Policy -> Edit (a particular policy).
By default, the inspection mode of a new firewall policy is set to Flow-based. To make this option available in the GUI, enter the following commands in the CLI:
config system global
set proxy-and-explicit-proxy enable
end
config system settings
set gui-proxy-inspection enable
end
From CLI:
Use the below command to change the inspection mode to proxy mode:
config firewall policy
edit <firewall policy ID>
set inspection-mode proxy
end
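Because v6.2 and later set the inspection mode per policy, a configuration backup can be checked to see which policies run in which mode. The script below is an added example, not part of the original article or Fortinet tooling: it parses the 'config firewall policy' table and reports each policy's mode. The sample configuration is constructed, and the script assumes that a policy without a 'set inspection-mode' line uses the flow default described above.

```python
import re

# Constructed sample of a v6.2+ configuration backup (not from the article).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
        set inspection-mode proxy
    next
    edit 2
        set name "guest-to-wan"
        set action accept
    next
end
"""

def policy_inspection_modes(config_text):
    """Return {policy_id: mode} for each entry under 'config firewall policy'."""
    modes = {}
    in_table = False
    depth = 0        # nesting level of config blocks inside the policy table
    current = None   # policy ID of the entry being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_table:
            in_table = (line == "config firewall policy")
            continue
        if line.startswith("config "):
            depth += 1                    # nested block inside a policy entry
        elif line == "end":
            if depth == 0:
                break                     # end of the policy table
            depth -= 1
        elif depth == 0:
            match = re.fullmatch(r"edit (\d+)", line)
            if match:
                current = int(match.group(1))
                modes[current] = "flow"   # assumption: unset means the default
            elif current is not None and line.startswith("set inspection-mode "):
                modes[current] = line.split()[-1]
    return modes

def flow_only_policies(config_text):
    """Return the sorted IDs of policies left in flow-based inspection."""
    modes = policy_inspection_modes(config_text)
    return sorted(pid for pid, mode in modes.items() if mode == "flow")
```

Calling flow_only_policies() on a backup lists the policy IDs that still need 'set inspection-mode proxy' if proxy-based inspection is required for them.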
This is expected behavior, and this feature is in place for a reason.
For the new feature enhancement of v7.2.4, review this document: