Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Inspection mode feature comparison

The following table shows which UTM profile can be configured on a flow mode or proxy mode inspection policy.

Some UTM profiles are hidden in the GUI and can only be configured using the CLI. To configure profiles in a firewall policy in CLI, enable the utm-status setting.

Some profiles might have feature differences between flow-based and proxy-based Inspection. From the GUI and CLI, you can set the Feature set option to be Flow-based or Proxy-based to display only the settings for that mode.

 

Flow Mode Inspection Policy

Proxy Mode Inspection Policy

Feature set option

UTM Profile

GUI

CLI

GUI

CLI

AntiVirus

Yes

Yes

Yes

Yes

GUI/CLI

Web Filter

Yes

Yes

Yes

Yes

GUI/CLI

DNS Filter

Yes

Yes

Yes

Yes

N/A

Application Control

Yes

Yes

Yes

Yes

N/A

Intrusion Prevention System

Yes

Yes

Yes

Yes

N/A

File Filter

Yes

Yes

Yes

Yes

GUI/CLI

Email Filter

Yes

Yes

Yes

Yes

GUI/CLI

Data Leak Prevention

No

Yes

No

Yes

CLI

VoIP

Yes

Yes

Yes

Yes

N/A

ICAP

No

No

Yes

Yes

N/A

Web Application Firewall

No

No

Yes

Yes

N/A

SSL/SSH Inspection

Yes

Yes

Yes

Yes

N/A

The following sections outline differences between flow-based and proxy-based inspection for a security profile.

Feature comparison between AntiVirus inspection modes

The following table indicates which AntiVirus features are supported by their designated scan modes.

Part1

Replacement Message

Content Disarm

Mobile Malware

Virus Outbreak

Sandbox Inspection

NAC Quarantine

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Flow (hybrid scan)

Yes*

No

Yes

Limited

Yes

Yes

*IPS Engine caches the URL and a replacement message is presented after the second attempt.

Part 2

Archive Blocking

Emulator

Client Comforting

Infection Quarantine

Heuristics

Treat EXE as Virus

Proxy

Yes

Yes

Yes

Yes (1)

Yes

Yes (2)

Flow (hybrid scan)

Yes

Yes

No

Limited

Yes

Yes (2)

  1. Only available on FortiGate models with HDD or when FortiAnalyzer or FortiGate Cloud is connected and enabled.
  2. Only applies to inspection on IMAP, POP3, SMTP, and MAPI protocols.

Feature comparison between Web Filter inspection modes

The following table indicates which Web Filter features are supported by their designated inspection modes.

 

FortiGuard Category-Based Filter

Category Usage Quota

Override Blocked Categories

Search Engines

Static URL Filter

Rating Option

Proxy Option

Web Profile Override

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes (1)

No

Yes (2)

No

Yes

Yes

Limited (3)

No

  1. Local Category and Remote Category filters do not support the warning and authenticate actions.
  2. Local Category and Remote Category filters cannot be overridden.
  3. Only HTTP POST Action is supported.

Feature comparison between Email Filter inspection modes

The following tables indicate which Email Filters are supported by the specified inspection modes for local filtering and FortiGuard-assisted filtering.

Local Filtering

Banned Word Check

Block/Allow List

HELO/ EHLO DNS Check

Return Address DNS Check

DNSBL/ ORBL Check

MIME Header Check

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes

Yes

No

No

No

Yes

FortiGuard-Assisted Filtering

Phishing URL Check

Anti-Spam Block List Check

Submit Spam to FortiGuard

Spam Email Checksum Check

Spam URL Check

Proxy

Yes

Yes

Yes

Yes

Yes

Flow

No

No

No

No

No

Feature comparison between DLP inspection modes

The following table indicates which DLP filters are supported by their designated inspection modes.

 

Credit Card Filter

SSN Filter

Regex Filter

File-Type Filter

File-Pattern Filter

Fingerprint Filter

Watermark Filter

Encrypted Filter

File-Size Filter

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes

Yes

Yes

Yes

Yes

No

No

Yes

Yes*

*File-size filtering only works if file size is present in the protocol exchange.

Inspection mode feature comparison

The following table shows which UTM profile can be configured on a flow mode or proxy mode inspection policy.

Some UTM profiles are hidden in the GUI and can only be configured using the CLI. To configure profiles in a firewall policy in CLI, enable the utm-status setting.

Some profiles might have feature differences between flow-based and proxy-based Inspection. From the GUI and CLI, you can set the Feature set option to be Flow-based or Proxy-based to display only the settings for that mode.

 

Flow Mode Inspection Policy

Proxy Mode Inspection Policy

Feature set option

UTM Profile

GUI

CLI

GUI

CLI

AntiVirus

Yes

Yes

Yes

Yes

GUI/CLI

Web Filter

Yes

Yes

Yes

Yes

GUI/CLI

DNS Filter

Yes

Yes

Yes

Yes

N/A

Application Control

Yes

Yes

Yes

Yes

N/A

Intrusion Prevention System

Yes

Yes

Yes

Yes

N/A

File Filter

Yes

Yes

Yes

Yes

GUI/CLI

Email Filter

Yes

Yes

Yes

Yes

GUI/CLI

Data Leak Prevention

No

Yes

No

Yes

CLI

VoIP

Yes

Yes

Yes

Yes

N/A

ICAP

No

No

Yes

Yes

N/A

Web Application Firewall

No

No

Yes

Yes

N/A

SSL/SSH Inspection

Yes

Yes

Yes

Yes

N/A

The following sections outline differences between flow-based and proxy-based inspection for a security profile.

Feature comparison between AntiVirus inspection modes

The following table indicates which AntiVirus features are supported by their designated scan modes.

Part1

Replacement Message

Content Disarm

Mobile Malware

Virus Outbreak

Sandbox Inspection

NAC Quarantine

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Flow (hybrid scan)

Yes*

No

Yes

Limited

Yes

Yes

*IPS Engine caches the URL and a replacement message is presented after the second attempt.

Part 2

Archive Blocking

Emulator

Client Comforting

Infection Quarantine

Heuristics

Treat EXE as Virus

Proxy

Yes

Yes

Yes

Yes (1)

Yes

Yes (2)

Flow (hybrid scan)

Yes

Yes

No

Limited

Yes

Yes (2)

  1. Only available on FortiGate models with HDD or when FortiAnalyzer or FortiGate Cloud is connected and enabled.
  2. Only applies to inspection on IMAP, POP3, SMTP, and MAPI protocols.

Feature comparison between Web Filter inspection modes

The following table indicates which Web Filter features are supported by their designated inspection modes.

 

FortiGuard Category-Based Filter

Category Usage Quota

Override Blocked Categories

Search Engines

Static URL Filter

Rating Option

Proxy Option

Web Profile Override

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes (1)

No

Yes (2)

No

Yes

Yes

Limited (3)

No

  1. Local Category and Remote Category filters do not support the warning and authenticate actions.
  2. Local Category and Remote Category filters cannot be overridden.
  3. Only HTTP POST Action is supported.

Feature comparison between Email Filter inspection modes

The following tables indicate which Email Filters are supported by the specified inspection modes for local filtering and FortiGuard-assisted filtering.

Local Filtering

Banned Word Check

Block/Allow List

HELO/ EHLO DNS Check

Return Address DNS Check

DNSBL/ ORBL Check

MIME Header Check

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes

Yes

No

No

No

Yes

FortiGuard-Assisted Filtering

Phishing URL Check

Anti-Spam Block List Check

Submit Spam to FortiGuard

Spam Email Checksum Check

Spam URL Check

Proxy

Yes

Yes

Yes

Yes

Yes

Flow

No

No

No

No

No

Feature comparison between DLP inspection modes

The following table indicates which DLP filters are supported by their designated inspection modes.

 

Credit Card Filter

SSN Filter

Regex Filter

File-Type Filter

File-Pattern Filter

Fingerprint Filter

Watermark Filter

Encrypted Filter

File-Size Filter

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes

Yes

Yes

Yes

Yes

No

No

Yes

Yes*

*File-size filtering only works if file size is present in the protocol exchange.