Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nevan
Staff
Staff

Created on ‎03-02-2025 11:48 PM Edited on ‎04-16-2025 05:12 AM By Moderator

Article Id 379910

Technical Tip: Proxy Inline Intrusion Prevention System feature in FortiOS

Description This article describes the feature proxy-inline-ips that is being added from v7.4.2 to control HTTP/HTTPS traffic process through WAD instead of the IPS engine. The feature will help to reduce the workload from the IPS engine by distributing with Web Application Daemon (WAD).
Scope FortiGate v7.4.2 and above.
Solution

An Inline Intrusion Prevention System (IPS) is a security solution that actively monitors and filters network traffic in real-time. Unlike passive systems that only detect threats, an inline IPS is placed directly in the path of data flow, allowing it to inspect, identify, and block malicious activity before it reaches its intended destination. 

 

Apart from the passive mode of IPS, the inline IPS actively inspects traffic from the traffic path. Due to identifying malicious traffic and threats in real time, a network delay can be observed. If SSL/TLS decryption is enabled for HTTP/HTTPS traffic, the firewall must decrypt, analyze, and re-encrypt traffic, significantly increasing CPU consumption.

The new Inline-IPS feature allows HTTP/HTTPS traffic to be processed directly in WAD for App-Control and IPS UTM features, reducing reliance on the IPS Engine. The feature is by default enabled in FortiOS starting from v7.4.2. 

 

CLI :

 

config ips settings
    set proxy-inline-ips {enable | disable}
end

 

The IPS engine will be still required for non-HTTP protocols(for example, SMTP, POP3, FTP, etc.). The feature is considered an essential tool for optimizing the IPS engine to reduce CPU usage and balance security and performance. 

 

The inline IPS Database can be determined using the below command:

 

erbium-kvm56 # diagnose wad debug ips-db status
inline-ips db, version 2144000 checksum 5a72e1d075b06a39f94847f5f5f1c02c, compile took 95 sec
ips: 6.741 Tue Dec 1 02:30:00 2015
app: 6.741 Tue Dec 1 02:30:00 2015
app entries: 2421
app custom entries: 0
ips entries: 6046
ips custom entries: 0

 

Related article:
Technical Tip: IPS memory optimization steps
1522
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.