FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link

Home > Online Help

Comparison of inspection types

The tables in this section show how different security functions map to different inspection types.

Mapping security functions to inspection types

The table below lists FortiOS security functions and shows whether they are applied by the kernel, flow-based inspection or proxy-based inspection. This table does not indicate which inspection types are available depending on the inspection mode. When the inspection mode is set to proxy all inspection types are available. When the inspection mode is set to flow-based then proxy-only inspection types are not available.

FortiOS security functions and inspection types
Security Function Kernel
(Stateful inspection)
Flow-based inspection Proxy-based inspection
Firewall yes    
IPsec VPN yes    
Traffic Shaping yes    
User Authentication yes    
Management Traffic yes    
SSL VPN yes    
IPS   yes  
Antivirus   yes yes
Application Control   yes  
CASI   yes  
Web filtering   yes yes
DLP   yes yes
Anti-Spam     yes
VoIP inspection     yes
ICAP     yes

More information about inspection methods

The three inspection methods each have their own strengths and weaknesses. The following table looks at all three methods side-by-side.

Inspection methods comparison
Feature Stateful Flow Proxy
Inspection unit per session first packet selected packets, single pass architecture, simultaneous application of configured inspection methods complete content, configured inspection methods applied in order
Memory, CPU required low medium high
Level of threat protection good better best
Authentication yes    
IPsec and SSL VPN yes    
Antivirus protection   yes yes
Web Filtering   yes yes
Data Leak Protection (DLP)   yes yes
Application control   yes  
IPS   yes  
Delay in traffic minor no small
Reconstruct entire content   no yes