
Author
vishal
2021/06/05 20:38:56 (permalink)
0

Changing inspection mode

Hello All,

I have a FortiGate 1100 series firewall in my organisation whose inspection mode is flow-based, and I want to change it to proxy mode.

I need to know what precautions to take before proceeding so that there is minimal disruption to my network.
#1
vishal
Re: Changing inspection mode 2021/06/06 21:34:10 (permalink)
0
Please help
#2
jorge.americo
Re: Changing inspection mode 2021/06/07 11:33:03 (permalink)
0
In theory, there is no problem.
But as a precaution, I advise that if you have HA, break the HA and make the change. If there is a problem, just switch traffic to the second box.
#3
vishal
Re: Changing inspection mode 2021/06/07 11:46:37 (permalink)
0
OK, but my device is standalone. Would I be able to change the mode without interrupting traffic?
#4
TecnetRuss
Re: Changing inspection mode 2021/06/07 12:52:09 (permalink) (marked helpful by vishal 2021/06/10 10:08:18)
5 (1)
You didn't mention what firmware you're running or what security services you're using.  The answer really depends on your configuration.
 
It's worth noting that Inspection mode in FortiOS 6.4 and later is no longer a global setting but instead is a per-policy setting, so you can technically use both simultaneously, switching, mixing and matching as needed.
 
Assuming you're running FortiOS 6.2 or earlier, Inspection mode differences are covered in detail here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/721410/about-inspection-modes
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/922096/inspection-mode-feature-comparison
 
Going from Flow Mode to Proxy mode is generally safe because Proxy Mode supports all of the Flow mode inspection policies (see second link).  Generally, the only downside is that it will reduce the performance of your FortiGate a bit.  The more policies and security filtering you're doing, the bigger the impact will be.
 
Going from Proxy Mode to Flow mode is trickier.  Flow mode doesn't support features like ICAP inspection or Web Application firewall, and only partially supports e-mail inspection (spam), so if you were already using these features they could get disabled by switching from Proxy to Flow.
 
Changing the inspection mode on 6.2 or earlier interrupts traffic.
 
If you upgrade to 6.4+ (obviously this interrupts traffic), you can change the inspection mode of a policy with minimal disruption (e.g. just change the mode of the policy, or clone the policy, switch the mode on the copy, then move the copy above the original policy).
 
Russ
NSE7
 
#5
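The per-policy procedure Russ describes, written out as FortiOS CLI. This is an added example, not part of the original thread or of any Fortinet documentation. It assumes FortiOS 6.4 or later, a single-VDOM FortiGate (on a multi-VDOM unit enter the VDOM first with `config vdom` / `edit root`), an existing flow-mode policy with ID 10, a free policy ID 11, and the interface, address, service and profile names shown; replace them with the values from your own `show firewall policy 10` output. The proxy-mode copy is written out in full rather than cloned so that every attribute carried over is visible, and the original policy is left in place as the rollback path.

```fortios
# Added example (not from the original thread). Assumed values: policy 10 exists in
# flow mode; 11 is unused; interfaces "internal"/"wan1"; default profile names.

# 1. Confirm the firmware. On 6.2 and earlier inspection mode is per VDOM
#    (config system settings / set inspection-mode proxy) and changing it
#    interrupts traffic; the per-policy steps below need 6.4 or later.
get system status

# 2. Record the policy you are about to move away from.
show firewall policy 10

# 3. Create a proxy-mode copy with the same match criteria and profiles,
#    then place it above the original so new sessions match the copy.
config firewall policy
    edit 11
        set name "web-out-proxy"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set logtraffic all
        set nat enable
    next
    move 11 before 10
end

# 4. Check that new sessions are hitting the proxy-mode policy.
diagnose sys session filter policy 11
diagnose sys session list

# 5. Rollback, if needed: put the original back on top, or delete the copy.
config firewall policy
    move 10 before 11
end
```

Existing sessions that already matched policy 10 keep running under it until they age out; only new sessions land on policy 11, which is what keeps the cutover quiet. Before the move, compare the profiles referenced by both policies with `show`, since a proxy-mode policy is only useful if the profiles attached to it actually do proxy-based work.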
vishal
Re: Changing inspection mode 2021/06/09 07:55:28 (permalink)
0
My firmware is 6.6.4, so I think there would not be much effect on my traffic flow.
Thanks, man, for such a beautiful explanation.
#6