Hi all,
FYI: I am new here, and this is my 1st post on this forum. I am preparing for NSE4 and one thing is unclear to me.
I really need to understand how FTG handles packets in flow-based mode. The FORTINET documentation is not clear and
a) once claims that FTG doesn't buffer packets and only forwards them
b) and in the same pdf, in another section, claims that it forwards them to the client (without any delay) but at the same time buffers them.
The documentation is the course for the NSE4 exam.
a) The flow-based inspection mode examines the file as it passes through FortiGate => without any buffering.
- Packets are analyzed and forwarded as they are received.
- Original traffic is not altered. Therefore, advanced features that modify content, such as safe search enforcement, are not supported.

versus
b)
As you can see on this slide,
the client sends a request and starts receiving packets immediately from the server.
Thank you for the explanation.
pepso
Looks pretty straightforward to me. It simultaneously buffers and forwards. So the client experiences no delay as the buffering only serves to allow the AV scanning to see the whole file at once. I'm not sure it can be explained much better honestly.
lobstercreed wrote: Looks pretty straightforward to me. It simultaneously buffers and forwards. So the client experiences no delay as the buffering only serves to allow the AV scanning to see the whole file at once. I'm not sure it can be explained much better honestly.
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/659145/flow-mode-inspection-default-mode
The very first sentence: "When a firewall policy’s inspection mode is set to flow, traffic flowing through the policy will not be buffered by the FortiGate."
I also thought (all the time) that packets are simultaneously buffered and forwarded, but now I am not sure.
You're overthinking it. Read this: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/969330/proxy-mode-inspection
At a high level, the two inspection modes are different in the sense that one buffers (without sending the packets on to the client until it has completed inspection) while the other does not (it immediately sends packets on to the client). Yes, technically they both buffer to perform A/V inspection, but as observed from the client side one does not buffer while the other does.