Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebastan_bach
New Contributor

DLP in Proxy mode or Flow Mode

Hi,

 

I have found confusing statements in the documentation. some part of the documentation mention that DLP is a proxy based security profile and other place I found it mentioning that DLP can operate in Flow mode.

 

If it can operate in both the modes are there any specific reason for operating the DLP profile in either of the modes.

 

Kindly please let me know.

 

Regards

 

Sebastan

1 REPLY 1
michaelbazy_FTNT

Hi Sebastan,

 

I think the answer lies here:

"IPS and Application Control are only applied using flow-based inspection. Web Filtering, DLP and Antivirus can also be applied using proxy-based inspection." (cf FortiOS HandBook).

From what I could see in the docs, the DLP engine itself doesn't scan the traffic. The engine communicates with the processes in charge of the scan, and "ask" the process if it can find the specific pattern.

 

I suppose that the next question could be "how do I know if it's the proxy or the IPS engine that does the scan?"

 

Well for that, I suppose that the only way would be through testing (which I can't do right now).

 

Let me know if it helps, though.

 

Thanks in advance and regards,

 

Michael

I'm operating by "Crocker's Rules"
Top Kudoed Authors