Hi guys, I'm pretty new to FortiGate, and after watching more training I just get more confused.
Just for clarification, I have some questions: if our policy is flow-based, then IPS cannot act on encrypted traffic? So that's why we put it in proxy mode, to intercept the traffic and put the IPS + antivirus in between. Is this statement true or not? Thanks in advance.
Hello,
Thank you for your question. No, even when you have flow-based inspection only, IPS and AV can match traffic based on signatures. The difference is that flow-based inspection inspects traffic packet by packet without any buffering, while proxy-based inspection is able to buffer the packets, inspect them and then block/permit, etc. Because of this, proxy-based inspection can provide you more control over some features, plus some features are available only in proxy-based inspection.
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/721410/about-inspection-modes