Hey,

currently learning for my certification and got really stuck on this question:

So why would Change Inspection mode to Flow-Based - as the Training Portal says - be the right answer here? As i understood from the Study Guide the Application Control relys on the IPS Engine and will always work in Flow-based even if the Firewall Policy has Proxy-based Inspection configured. So it should not matter which Inspection-Mode is configured from my understanding. As the phrase from the study guide says:

Also, i tried to reproduce it on my lab. Looked for some Google Application which falls under Excessive Bandwith, in this scenario I choosed Google.Maps. Put this object into Application and Filter Overrides with Prio 2 and Action Monitor and above the Excessive-Bandwith Filter with Prio 1 and Action Block. Google Maps got blocked. When moving Google-Maps to Prio 1 the connection worked.

So is this maybe wrong in the Training Portal? Or where am I thinking wrong? Really trying to understand the process and why Fortinet chooses the change of the Inspection Mode to Flow-based as right answer here.

Thanks for your support and kind regards

Nick