Inspection mode feature comparison

The following table shows which UTM profile can be configured on a flow mode or proxy mode inspection policy.

Some UTM profiles are hidden in the GUI and can only be configured using the CLI. To configure profiles in a firewall policy in CLI, enable the utm-status setting.

Some profiles might have feature differences between flow-based and proxy-based Inspection. From the GUI and CLI, you can set the Feature set option to be Flow-based or Proxy-based to display only the settings for that mode.

 

Flow Mode Inspection Policy

Proxy Mode Inspection Policy

Feature set option

UTM Profile

GUI

CLI

GUI

CLI

AntiVirus

Yes

Yes

Yes

Yes

GUI/CLI

Web Filter

Yes

Yes

Yes

Yes

GUI/CLI

DNS Filter

Yes

Yes

Yes

Yes

N/A

Application Control

Yes

Yes

Yes

Yes

N/A

Intrusion Prevention System

Yes

Yes

Yes

Yes

N/A

File Filter

Yes

Yes

Yes

Yes

GUI/CLI

Email Filter

Yes

Yes

Yes

Yes

GUI/CLI

Data Leak Prevention

No

Yes

No

Yes

CLI

VoIP

Yes

Yes

Yes

Yes

N/A

ICAP

No

No

Yes

Yes

N/A

Web Application Firewall

No

No

Yes

Yes

N/A

SSL/SSH Inspection

Yes

Yes

Yes

Yes

N/A

The following sections outline differences between flow-based and proxy-based inspection for a security profile.

Feature comparison between Antivirus inspection modes

The following table indicates which Antivirus features are supported by their designated scan modes.

Part1

Replacement Message

Content Disarm

Mobile Malware

Virus Outbreak

Sandbox Inspection

NAC Quarantine

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Flow

Yes*

No

Yes

Yes

Yes

Yes

*IPS Engine caches the URL and a replacement message is presented after the second attempt.

Part 2

Archive Blocking

Emulator

Client Comforting

Infection Quarantine

Heuristics

Treat EXE as Virus

Proxy

Yes

Yes

Yes

Yes (1)

Yes

Yes (2)

Flow

Yes

Yes

No

Yes

Yes

Yes (2)

  1. Only available on FortiGate models with HDD or when FortiAnalyzer or FortiGate Cloud is connected and enabled.
  2. Only applies to inspection on IMAP, POP3, SMTP, and MAPI protocols.

Part 3

External Blocklist

EMS Threat Feed

AI/ML Based Detection

Proxy

Yes

Yes

Yes

Flow

Yes

No

Yes

Feature comparison between Web Filter inspection modes

The following table indicates which Web Filter features are supported by their designated inspection modes.

 

FortiGuard Category-Based Filter

Category Usage Quota

Override Blocked Categories

Search Engines

Static URL Filter

Rating Option

Proxy Option

Web Profile Override

Proxy

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes