Hi, I read the FirtiOS-7.0.0 administrator guide and find there are two scan mode for AntiVirus (flow mode and proxy mode).
It seems to be more secure with proxy mode. In proxy mode, are there more limitations than flow mode (e.g. memory requirement, disk space, max session limit) ? Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi AaronLiaotw
Proxy-mode is running on CPU while flow-based can be offloaded to NP.
If you scan your files proxy based, the file is buffered on the FortiGate, scanned and only sent to the PC, if it is clean.
If you scan flow based, FortiGate sends the file to the PC, creates a copy of the file and scans the copy. If a virus is found, FortiGate does not sent the last packet to the PC and they client will drop the file.
The only disadvantage you have with flow based scanning: If something goes extremely wrong, you theoretically could have an incomplete file on your PC which contains a virus.
With flow based you have hardware support to scan, use less resources on the FortiGate. With proxy based everything is done by the CPU.
Specially to scan HTTP(S) traffic, you want fast scanning. No reason to stay with proxy based.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.