Directed by security policies, a FortiGate screens network traffic from the IP layer up through the application layer of the TCP/IP stack. The steps involved in this inspection depend on the FortiGate hardware configuration (the presence or absence of network processors such as the NP6 and content processors such as the CP8 and CP9) and on the Unified Threat Management (UTM)/Next Generation Firewall (NGFW) inspection mode (flow-based or proxy-based) of the FortiGate or VDOM.
This chapter describes what happens to a packet as it travels through a FortiGate running FortiOS 6.0.
The FortiGate performs three types of security inspection:
- Kernel-based stateful inspection, that provides individual packet-based security within a basic session state
- Flow-based inspection, that takes a snapshot of content packets and uses pattern matching to identify security threats in the content
- Proxy-based inspection, that reconstructs content passing through the FortiGate and inspects the content for security threats.
Each inspection component plays a role in the processing of a packet as it traverses the FortiGate en route to its destination.