Hi,
I have found confusing statements in the documentation. some part of the documentation mention that DLP is a proxy based security profile and other place I found it mentioning that DLP can operate in Flow mode.
If it can operate in both the modes are there any specific reason for operating the DLP profile in either of the modes.
Kindly please let me know.
Regards
Sebastan
Hi Sebastan,
I think the answer lies here:
"IPS and Application Control are only applied using flow-based inspection. Web Filtering, DLP and Antivirus can also be applied using proxy-based inspection." (cf FortiOS HandBook).
From what I could see in the docs, the DLP engine itself doesn't scan the traffic. The engine communicates with the processes in charge of the scan, and "ask" the process if it can find the specific pattern.
I suppose that the next question could be "how do I know if it's the proxy or the IPS engine that does the scan?"
Well for that, I suppose that the only way would be through testing (which I can't do right now).
Let me know if it helps, though.
Thanks in advance and regards,
Michael
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.