Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mriswan
Staff
Staff

Created on ‎12-23-2024 10:13 PM Edited on ‎10-01-2025 07:04 AM By Moderator

Article Id 366347

Technical Tip: Processing Order of UTM Profiles in FortiGate Firewall Policies

Description

 

This article describes the order of processing UTM profiles configured in firewall policies.

 

Scope

 

FortiGate.

 

Solution

 

FortiGate applies the inspection profiles in the following order:

  1. IPS.
  2. Application Control.
  3. VoIP.
  4. DLP.
  5. Antispam.
  6. Web Filtering.
  7. Antivirus.


If the policy inspection mode is flow-based, the IPS engine is responsible for processing the traffic in the following order:
IPS -> Application Control -> Web Filtering -> DLP -> Botnet checking -> AntiVirus.

If the inspection mode is proxy-based, the IPS engine performs IPS, Application Control, and Botnet checking; the rest of the profiles will be handled by a proxy.

 

Note: Exempting a URL in the web filter causes it to bypass antivirus scanning by default.

 

For a detailed explanation of the packet processing: Parallel Path Processing

 

Note: From 7.6.3, FortiGate models with 2GB of RAM or less no longer support FortiOS proxy-related features. UTM profiles with proxy-based inspection mode were also removed. See Proxy-related features not supported on FortiGate 2 GB RAM models | FortiGate / FortiOS 7.6.3 | Fort....

1760
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.