Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
szuko
New Contributor III

Flow-based VS Proxy-mode

Hi Guys , im pretty new to fortigate and after watching more training i just get more confuse . 
Just to clarification  i have some question , if our policy is in Flow-based Then  ips cannot act on encrypted traffic ? so thats why we put it on proxy mode to intercept the traffic and put the IPS+antivirus in between . is This statement true or not ? thanks in advance 

1 REPLY 1
akristof
Staff
Staff

Hello,

 

Thank you for your question. No, even when you have flow-based inspection only, IPS and AV can match traffic based on signatures. Difference is that flow-based inspection is inspecting traffic packet by packet without any buffering, while proxy-based is able to buffer the packets, inspect it and then block/permit etc. Because of this, proxy-based inspection can provide you more control over some features plus some features are available only in proxy-based inspection.

https://docs.fortinet.com/document/fortigate/6.4.0/parallel-path-processing-life-of-a-packet/556494/...

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/721410/about-inspection-modes

Adrian
Labels
Top Kudoed Authors