Hi guys, I'm pretty new to FortiGate, and after watching more training I just get more confused. Just for clarification, I have a question: if our policy is flow-based, then IPS cannot act on encrypted traffic? So that's why we put it in proxy mode, to intercept the traffic and put the IPS + antivirus in between. Is this statement true or not? Thanks in advance.
Thank you for your question. No, even when you have flow-based inspection only, IPS and AV can match traffic based on signatures. The difference is that flow-based inspection inspects traffic packet by packet without any buffering, while proxy-based inspection is able to buffer the packets, inspect them, and then block/permit, etc. Because of this, proxy-based inspection can provide you with more control over some features, plus some features are available only in proxy-based inspection.