I know the inspection mode is how FortiGate scans the traffic in a firewall policy. Flow-based is like looking at the TCP flow or taking snapshots of the traffic, and in proxy-based mode FortiGate intercepts the traffic like a man-in-the-middle scenario.
But how is the inspection mode related to security profiles. Can you configure a firewall policy in flow-based inspection mode, and apply a proxy-based AV security profile? Or can you configure a firewall policy in proxy-mode inspection mode, and apply a flow-based web filtering profile?
As per your query, if you would add a flow-based inspection profile to the proxy-based policy you will see the warning sign on the policy saying that some of the features would not work or the Security profile needs to be configured to proxy-based. or based upon the inspection mode. So to answer your question, yes you configure a firewall policy in proxy-mode inspection mode and apply a flow-based web filtering profile. However, the inspection might not work as the way it should
Ok, I understand. But my actual question is, why do you need to set a flow-based or proxy-based inspection mode if you can set a flow-based or proxy-based web filtering (for example) profile? It seems you are setting the same twice. It seems they are the same. You are actually setting the inspection mode in the security profile. For me setting the inspection mode is redundant since you choose the mode when you configure the security profile. Or am I missing anything?
I believe the changes to how inspection mode is set were due to the fact that in 5.2 (and earlier versions) it could only be set in the profiles; there are known perfomance issues if profiles with different inspection modes are set in the same policy, and FortiOS moved to set inspection mode for the entire unit/per-VDOM (6.0) and then per policy.
It does make it a bit trickier to understand the logic behind it, I agree :)
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.