首页 > 代码库 > FGT Inspection Modes

FGT Inspection Modes

Inspection Modes
This topic briefly discusses proxy and flow-based inspection modes. For more information on flow vs. proxy inspection modes on your FortiGate and how they impact web filtering, see Individual Security Profile considerations in the Inspection Modes section.
 
 
Proxy
需要缓存并受到完整的包
Proxy-based inspection involves buffering traffic and examining it as a whole before determining an action. The process of having the whole of the data to analyze allows for the examination of more points of data than the flow-based or DNS methods.
 
The advantage of a proxy-based method is that the inspection can be more thorough than the other methods, yielding fewer false positive or negative results in the data analysis.
优点:检查更彻底
 
 
Flow-based
不需要缓存,不需要接受到完整的包
The flow-based inspection method examines the file as it passes through the FortiGate unit without any buffering. 
As each packet of the traffic arrives it is processed and forwarded without waiting for the complete file or web page.
 
The advantage of the flow-based method is that the user sees a faster response time for HTTP requests and there is less chance of a time-out error due to the server at the other end responding slowly.
优点:HTTP相应更快
 
The disadvantages of this method are: 
(1) there is a higher probability of a false positive or negative in the analysis of the data; and, 
(2) a number of security features that can be used in the proxy-based method are not available in the flow-based inspection method. 
缺点: 很多安全的特性都不能够使用了
 
 
 
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Web_Filter/Web%20Filter%20Inspection%20Modes.htm

FGT Inspection Modes