AnsweredHot!Inspection mode

Author
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
2020/09/21 02:12:45 (permalink)
0

Inspection mode

Hi,
Firewall is in   flow mode .
If I change the antivirus inspection mode to proxy mode what is pros and cons 
Thanks 
 
#1
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/21 02:42:36 (permalink)
0
Hi, depends on OS Version. It is always helpfull to tell us your FOS Version at minumum, just for another one.

For your question, see https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/100953/inspection-mode-differences-for-antivirus
 
#2
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
Re: Inspection mode 2020/09/21 04:13:08 (permalink)
0
Hi ,
sorry for that 
6.0.6 is the version 
 
Thanks
 
#3
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/21 04:28:14 (permalink)
0
no prob...
for 6.0.x check https://docs.fortinet.com/document/fortigate/6.0.0/handbook/149549/security-profiles-and-different-modes
 
post edited by Markus - 2020/09/21 04:29:37
#4
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
Re: Inspection mode 2020/09/21 23:31:08 (permalink)
0
Hi,
If I want to use proxymode in antivirus profile , do  I need to  change the firewall mode also to proxy ? 
Thanks
#5
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/22 00:41:35 (permalink)
0
Hi,

Yes, bevor FOS 6.4, you have to switch the FW to proxy mode. In 6.4 you can decide Flow or Proxy Mode per Policy.
You can easily switch to proxy mode, as this is a "more" feature switch. From proxy to flow, you have to check all policies and utm profiles and switch all profiles to flow, otherwise the policy ends up with no (proxy) utm profiles.

Best
#6
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
Re: Inspection mode 2020/09/22 01:21:13 (permalink)
0
Hi,
 
 
Thanks for the reply  
 
Yes, bevor FOS 6.4, you have to switch the FW to proxy mode. In 6.4 you can decide Flow or Proxy Mode per Policy.
 
You can easily switch to proxy mode, as this is a "more" feature switch.
 
You mean I just switch  from  flow to proxy ?
 
From proxy to flow, you have to check all policies and utm profiles and switch all profiles to flow, otherwise the policy ends up with no (proxy) utm profiles.
 
Sorry . I did not get the above part . When we do feature switch  from Proxy to flow  how come the policy ends up with  no utm profiles
 
Currently all my profiles are in flow  mode
 
Thanks
 
 
#7
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/22 01:40:00 (permalink) ☄ Helpfulby sims 2020/09/22 03:47:19
0
You mean I just switch  from  flow to proxy ?
YES
Sorry . I did not get the above part . When we do feature switch  from Proxy to flow  how come the policy ends up with  no utm profiles.
If you decide to switch back to flow, you have also to update all policies with proxy profiles (e.g. AV) back to flow profiles. The policy will not loose all UTM, only the proxy based profiles, as they are "incompatible" in flow mode.
#8
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
Re: Inspection mode 2020/09/22 02:59:44 (permalink)
0
Hi,
 
As I understand when we switching  from the  flow mode we have to change the antivirus profile also to  proxy mode
When we switch back we have to change the av profile  from proxy to flow mode ?
If yes  why a feature change require  a profile change also
 
Thanks
 
 
 
 
 
 
 
 
#9
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/22 04:37:00 (permalink) ☄ Helpfulby sims 2020/09/22 05:00:28
0
Hi,

Not at all, from flow to proxy, you can use profiles in flow or proxy mode.
In flow mode, you can only use flow profiles.
If you are in proxy mode and have, let's say you have a AV proxy mode profile in a policy, and want to switch back to flow, this policy will loose the AV profile assigned and you have to "manual" select a AV flow profile again.

Hope this clarifies it better :)
#10
sims
Gold Member
  • Total Posts : 159
  • Scores: -4
  • Reward points: 0
  • Joined: 2014/06/09 03:26:11
  • Status: offline
Re: Inspection mode 2020/09/22 08:21:55 (permalink)
0
Hi,
 
it clarifies everything  required .
Just to conclude everything ,
Before 6.4    We have to switch the FW to proxy mode  . After switching  we can use profiles in flow or proxy mode.
and want to switch back to flow, this policy will loose the AV profile assigned and you have to "manual" select a AV flow profile
 
From 6.4  We don't need to switch  to PROXY mode . Just change the  flow mode  to  in the profile and assign the profile in the policy 
Please confirm 
Appreciate your help and patience 
Thanks 
post edited by sims - 2020/09/22 10:40:36
#11
Markus
Expert Member
  • Total Posts : 271
  • Scores: 47
  • Reward points: 0
  • Joined: 2015/03/19 07:30:23
  • Location: Switzerland
  • Status: offline
Re: Inspection mode 2020/09/23 00:47:25 (permalink) ☼ Best Answerby sims 2020/09/23 01:55:47
5 (1)
Exactly...
and from 6.4, the proxy/flow mode is selected per policy, yes (you can mix proxy and flow policies)
 
 

Attached Image(s)

#12
Jump to:
© 2020 APG vNext Commercial Version 5.5