Fortinet black logo

Introduction

Introduction

A FortiGate inspects network traffic from the IP layer up through the application layer of the TCP/IP stack. The FortiGate uses security policies to do this inspection. Inspection steps depend on the FortiGate hardware such as whether the FortiGate has network processors like the NP6 and content processors like the CP8 and CP9. It also depends on the Unified Threat Management (UTM)/Next Generation Firewall (NGFW) inspection mode (flow-based or proxy-based).

Note

Before FortiOS 6.2.0, the inspection mode is based on the FortiGate or VDOM.

In FortiOS 6.2.0 and higher, the inspection mode is based on the security policy so you can set a different inspection mode for each security policy.

This guide describes what happens to a packet as it travels through a FortiGate running FortiOS 6.4 and higher.

The FortiGate performs the following types of security inspection:

  • Kernel-based stateful inspection, that provides individual packet-based security within a basic session state.
  • Flow-based inspection, that takes a snapshot of content packets and uses pattern matching to identify security threats in the content.
  • Proxy-based inspection, that reconstructs content passing through the FortiGate and inspects the content for security threats.

Each inspection component plays a role in the processing of a packet as it traverses the FortiGate en route to its destination.

How this guide is organized

This guide contains the following sections:

Introduction

Introduction

A FortiGate inspects network traffic from the IP layer up through the application layer of the TCP/IP stack. The FortiGate uses security policies to do this inspection. Inspection steps depend on the FortiGate hardware such as whether the FortiGate has network processors like the NP6 and content processors like the CP8 and CP9. It also depends on the Unified Threat Management (UTM)/Next Generation Firewall (NGFW) inspection mode (flow-based or proxy-based).

Note

Before FortiOS 6.2.0, the inspection mode is based on the FortiGate or VDOM.

In FortiOS 6.2.0 and higher, the inspection mode is based on the security policy so you can set a different inspection mode for each security policy.

This guide describes what happens to a packet as it travels through a FortiGate running FortiOS 6.4 and higher.

The FortiGate performs the following types of security inspection:

  • Kernel-based stateful inspection, that provides individual packet-based security within a basic session state.
  • Flow-based inspection, that takes a snapshot of content packets and uses pattern matching to identify security threats in the content.
  • Proxy-based inspection, that reconstructs content passing through the FortiGate and inspects the content for security threats.

Each inspection component plays a role in the processing of a packet as it traverses the FortiGate en route to its destination.

How this guide is organized

This guide contains the following sections: