Inspection Modes

You can select one of two inspection modes from the System > Settings page to control the security profile inspection mode for your FortiGate or VDOM.

  • Proxy-based inspection, which reconstructs content passing through the FortiGate unit and inspects the content for security threats, or
  • Flow-based inspection, which takes a snapshot of content packets and uses pattern matching to identify security threats in the content.

Each inspection component plays a role in processing traffic en route to its destination. Control over the inspection mode is helpful if you want to be sure that only flow inspection is used (and that proxy inspection is not). In most cases proxy mode is preferred because more security profile features, and more configuration options for those features, are available. However, some implementations may require all security profile scanning to use flow mode only. In this case, you can set your FortiGate to flow mode knowing that proxy mode inspection will not be used. Both modes offer significant security; proxy-based inspection provides more features, while flow-based inspection is designed to optimize performance.

This section addresses the following topics: