I believe this is wrong - the Application Control will execute first, so packets will likely just be blocked. Got a similar issue myself!
In this case I believe app-control will hit first, but diag debug flow is your friend.
PCNSE
NSE
StrongSwan
First would be Web filtering. The logic is: say we have a URL exempted on the Webfilter, and you will see it will exempt all the scanning.
Also, for a URL which is blocked in the first place, scanning for all the application control signatures makes no sense.
Only if the URL is allowed is the scanning of it with all the signatures for that URL worthwhile.
Are we 100% sure on that?
What if the URL wasn't categorized to begin with (yes, or in the wrong category)? (Assuming no manual or static entries were included in the web filter.)
We know in the flow or life of the packet, it has to look at layer3 route, policy, and security profile to determine what we inspect, but if you had app-control and url filtering and use a mask url, I think app-control would be the final trump.
PCNSE
NSE
StrongSwan
My understanding was wrong.
The correct flow of the UTM sequence is:
IPS > App Control > Email Filtering > Web Filtering > AV
Hi,
The FortiGate documents about traffic flow indicate that Webfilter acts before Applifilter... but this is only true in firewall mode; if you use the FortiGate in explicit proxy mode, the Applifilter goes first.
I opened a ticket with support and, after showing them I was completely right, I suggested modifying the official documentation, but I think they are not going to do that.
Regards
@mramon79 shared some important info to keep in mind for this topic. Here is the latest "life of a packet" document from Fortinet but I'm guessing they didn't include his suggested edits. http://docs.fortinet.com/...igate-life-of-a-packet
Here is for 5.4: http://docs.fortinet.com/uploaded/files/2795/fortigate-optimal-life-54.pdf
FGT60B, FGT100A, FGT100D
Copyright 2024 Fortinet, Inc. All Rights Reserved.