| Description | This article describes briefly how network-based and host-based firewalls work, specifically regarding FortiGate. |
| Scope | FortiGate. |
| Solution |
Network-based firewalls are typically positioned at the network's perimeter, such as between the internet and an organization's internal network. They examine network traffic as it enters and exits the network, filtering packets based on predefined rules preventing unauthorized access from external sources, but do not inspect traffic originating from within the network (hosts in the same subnet).
Host-based firewalls are software applications installed directly on the hosts to monitor and control network traffic to and from the specific host on which they are installed to protect against attacks originating within the network, filtering traffic based on applications, users, and ports.
FortiGate is a network-based firewall. So, with or without a firewall policy, or even if the FortiGate is powered off, the users will communicate successfully with other hosts for traffic across the same LAN/VLAN.
When performing a sniffer capture on the FortiGate, no packets will be observed, indicating that the traffic between the hosts doesn't need to reach the firewall to continue working properly.
Note: FortiGate must not be investigated for any issues related to the host's inability to reach services on other hosts/servers within the same subnet, except for VIP traffic (Hairpin NAT), because the host needs to reach the gateway of the host (FortiGate interface IP) and then FortiGate will redirect the traffic.
Related article: |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR (on-premise)
- FortiNAC-F
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiRecon
- FortiProxy
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Difference between network-based an...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.