Comparison of inspection types
The tables in this section show how different security functions map to different inspection types.
Mapping security functions to inspection types
The table below lists FortiOS security functions and shows whether they are applied by the kernel, flow-based inspection or proxy-based inspection.
|
Security Function |
Kernel |
Flow-based inspection |
Proxy-based inspection |
|---|---|---|---|
|
Firewall |
Yes |
|
|
|
IPsec VPN |
Yes |
|
|
|
Traffic shaping |
Yes |
|
|
|
User authentication |
Yes |
|
|
|
Management traffic |
Yes |
|
|
|
SSL VPN |
Yes |
|
|
|
IPS |
|
Yes |
|
|
Botnet checking |
|
Yes |
|
|
AntiVirus |
|
Yes |
Yes |
|
Application control |
|
Yes |
|
|
Web filtering |
|
Yes |
Yes |
|
DLP |
|
Yes |
Yes |
|
Email filtering (anti-spam) |
|
Yes |
Yes |
|
VoIP inspection |
|
|
Yes |
|
ICAP |
|
|
Yes |
More information about inspection methods
The three inspection methods each have their own strengths and weaknesses. The following table looks at all three methods side-by-side.
|
Feature |
Stateful |
Flow |
Proxy |
|---|---|---|---|
|
Inspection unit per session |
First packet |
Selected packets, single pass architecture, simultaneous application of configured inspection methods |
Complete content, configured inspection methods applied in order |
|
Memory, CPU required |
Low |
Medium |
High |
|
Level of threat protection |
Good |
Better |
Best |
|
Authentication |
Yes |
|
|
|
IPsec and SSL VPN |
Yes |
|
|
|
AntiVirus protection |
|
Yes |
Yes |
|
Web filtering |
|
Yes |
Yes |
|
Data Leak Protection (DLP) |
|
Yes |
Yes |
|
Application control |
|
Yes |
|
|
IPS |
|
Yes |
|
|
Delay in traffic |
Minor |
No |
Small |
|
Reconstruct entire content |
|
No |
Yes |
For more information, see the Inspection Modes section in the FortiOS Cookbook in the Fortinet Document Library.