Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Why to use Antivirus in proxy mode

Hi,  I read the FirtiOS-7.0.0 administrator guide and find there are two scan mode for AntiVirus (flow mode and proxy mode).

It seems to be more secure with proxy mode. In proxy mode, are there more limitations than flow mode (e.g. memory requirement, disk space, max session limit) ? Thanks.


Hi AaronLiaotw


Proxy-mode is running on CPU while flow-based can be offloaded to NP.

New Contributor II

If you scan your files proxy based, the file is buffered on the FortiGate, scanned and only sent to the PC, if it is clean.


If you scan flow based, FortiGate sends the file to the PC, creates a copy of the file and scans the copy. If a virus is found, FortiGate does not sent the last packet to the PC and they client will drop the file.


The only disadvantage you have with flow based scanning: If something goes extremely wrong, you theoretically could have an incomplete file on your PC which contains a virus. 


With flow based you have hardware support to scan, use less resources on the FortiGate.  With proxy based everything is done by the CPU. 


Specially to scan HTTP(S) traffic, you want fast scanning. No reason to stay with proxy based.

Peter Bruderer
__Peter Bruderer
Top Kudoed Authors