Chapter 15 Unified Threat Management for FortiOS 5.0 : Security Profiles overview : Traffic inspection
  
Traffic inspection
When the FortiGate unit examines network traffic one packet at a time for IPS signatures, it is performing traffic analysis. This is unlike content analysis where the traffic is buffered until files, email messages, web pages, and other files are assembled and examined as a whole.
DoS policies use traffic analysis by keeping track of the type and quantity of packets, as well as their source and destination addresses.
Application control uses traffic analysis to determine which application generated the packet.
Although traffic inspection doesn’t involve taking packets and assembling files they are carrying, the packets themselves can be split into fragments as they pass from network to network. These fragments are reassembled by the FortiGate unit before examination.
No two networks are the same and few recommendations apply to all networks. This topic offers suggestions on how you can use the FortiGate unit to help secure your network against content threats.