Changing between proxy and flow mode
In FortiOS 5.4.0 and 5.4.1, proxy mode is enabled by default and you change to flow mode by changing the Inspection Mode on the System Information widget. If required, you can change back to proxy mode through System Information widget.
When you select Flow-based you are reminded that all proxy mode profiles are converted to flow mode, removing any proxy settings. As well proxy mode only features (for example, Web Application Profile) are removed from the GUI.
In addition, selecting Flow-based inspection will cause the Explicit Web Proxy and Explicit FTP Proxy features to be removed from the GUI and the CLI. This includes Explicit Proxy firewall policies.
W hen you select Flow-based you can only configure Virtual Servers (under Policy & Objects > Virtual Servers) with Type set to HTTP, TCP, UDP, or IP.
If required, you can change back to proxy mode through the System Information dashboard widget.
If your FortiGate has multiple VDOMs, you can set the inspection mode independently for each VDOM. Use the top left dropdown menu to go to Global > System > VDOM. Click Editfor the VDOM you wish to change and select the Inspection Mode.
|Switching to flow-based inspection also turns off WAN Optimization, Web Caching, the Explicit Web Proxy, and the Explicit FTP Proxy making sure that no proxying can occur.|
From the GUI, you can only configure antivirus and web filter security profiles in proxy mode. From the CLI you can configure flow-based antivirus profiles, web filter profiles and DLP profiles and they will appear on the GUI and include their inspection mode setting. Also, flow-based profiles created when in flow mode are still available when you switch to proxy mode.