Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Fortigate Inspection mode proxy and flow based

Hi there,

 

I had gone through the documents (https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/721410/inspection-modes) but couldn't understand more clear about Inspection mode proxy and flow based.

 

Below are the my quires that I want to make it clear as follows:

1. Difference between proxy and flow based mode

2. In which case should we use proxy or flow mode

3. Packet follow of proxy and flow mode.

 

Your response will be highly appreciated

 

Thank you in advanced. 

 

 

 

 

 

 

3 REPLIES 3
ndumaj
Staff
Staff

Hi Umesh,

In default mode, flow mode traffic flowing through the policy will not be buffered by the FortiGate. 
On proxy inspection mode, traffic flowing through the policy will be buffered by the FortiGate for inspection. This means that the packets for a file, email message, or web page will be held by the FortiGate until the entire payload is inspected for violations (virus, spam, or malicious web links). After FortiOS finishes the inspection, the payload is either released to the destination (if the traffic is clean) or dropped and replaced with a replacement message (if the traffic contains violations).

You also have some use cases explained into the guide you shared.

-BR-

- Happy to help, hit like and accept the solution -
AEK
Honored Contributor II

Hi Umesh

In addition to @ndumaj 's explanation, i'd add that I personally use proxy mode only if it is a policy with WAF profile or with Antispam profile. For all others I use flow mode for its better performance and low resource consumption.

AEK
AEK
Labels
Top Kudoed Authors