Comparison of inspection types

The tables in this section show how different security functions map to different inspection types.

Mapping security functions to inspection types

The table below lists FortiOS security functions and shows whether they are applied by the kernel, flow-based inspection or proxy-based inspection.

| Security Function | Kernel (Stateful inspection) | Flow-based inspection | Proxy-based inspection |
|---|---|---|---|
| Firewall | Yes | | |
| IPsec VPN | Yes | | |
| Traffic shaping | Yes | | |
| User authentication | Yes | | |
| Management traffic | Yes | | |
| SSL VPN | Yes | | |
| IPS | | Yes | |
| Botnet checking | | Yes | |
| AntiVirus | | Yes | Yes |
| Application control | | Yes | |
| Web filtering | | Yes | Yes |
| DLP | | Yes | Yes |
| Email filtering (anti-spam) | | Yes | Yes |
| VoIP inspection | | | Yes |
| ICAP | | | Yes |

More information about inspection methods

The three inspection methods each have their own strengths and weaknesses. The following table compares all three methods side by side.

| Feature | Stateful | Flow | Proxy |
|---|---|---|---|
| Inspection unit per session | First packet | Selected packets, single pass architecture, simultaneous application of configured inspection methods | Complete content, configured inspection methods applied in order |
| Memory, CPU required | Low | Medium | High |
| Level of threat protection | Good | Better | Best |
| Authentication | Yes | | |
| IPsec and SSL VPN | Yes | | |
| AntiVirus protection | | Yes | Yes |
| Web filtering | | Yes | Yes |
| Data Leak Protection (DLP) | | Yes | Yes |
| Application control | | Yes | |
| IPS | | Yes | |
| Delay in traffic | Minor | No | Small |
| Reconstruct entire content | | No | Yes |

For more information, see the Inspection Modes section in the FortiOS Cookbook in the Fortinet Document Library.
