Description | This article highlights the order of UTM filters applied to packets based on the inspection mode configured on the matching firewall policy. This assumes that all available UTM features (also known as Security Profiles) are enabled in each inspection mode. |
Scope | FortiGate v6.4 and above. |
Solution |
Flow-based Inspection:
The IPS engine inspects packets that match a firewall policy configured in this mode, using a single-pass approach. All UTM profiles inspect the packet at the same time, which includes IPS, Application Control, Web Filtering, DLP, Botnet checking, and Antivirus.
Proxy-based Inspection:
A mixture of flow-based and proxy-based inspection occurs. As usual, the IPS engine handles the flow-based inspection process, and the WAD process handles the proxy-based one.
Packets are first checked by the UTM profiles that can only run a flow-based inspection process, no matter what inspection mode is set on the firewall policy. These include single-pass IPS, Botnet checking, and Application Control.
Once those checks are completed, the packet is inspected by the UTM profiles that can run either inspection process (flow- or proxy-based), depending on the inspection mode set in the firewall policy, and by the UTM profiles that are only available in proxy-based inspection mode. These are applied in the following order: VoIP Inspection -> DLP -> Email Filter (Anti-Spam) -> Web Filtering -> Anti Virus -> ICAP
For more information, refer to the Parallel Path Processing (Life of a Packet) document on the official Fortinet documentation page. This applies to v6.4 and above. |
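The following FortiOS CLI fragment is an added illustration, not part of the original article: it shows a proxy-mode policy with several security profiles attached, annotated with the processing stage the article assigns to each. The policy ID `10` and the `"default"` profile names are placeholders, and the `#` lines are annotations for the reader.

```fortios
# Constructed example: policy ID 10 and the "default" profile names are placeholders.
config firewall policy
    edit 10
        # Selects the mixed path described above.
        # With "flow", every attached profile is handled by the IPS engine in a single pass.
        set inspection-mode proxy
        set utm-status enable

        # Stage 1: handled by the IPS engine regardless of inspection-mode.
        set ips-sensor "default"
        set application-list "default"

        # Stage 2: handled by WAD in a proxy-mode policy.
        # Listed here in the order the article gives; the order of the
        # "set" lines themselves does not change the processing order.
        set emailfilter-profile "default"
        set webfilter-profile "default"
        set av-profile "default"
    next
end
```

When reviewing a policy, the `inspection-mode` value is the setting that decides whether the stage 2 profiles run in WAD or alongside IPS in the single-pass engine.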