Flow vs Proxy

Рет қаралды 16,775

Күн бұрын

Flow vs Proxy
What is the difference between a proxy-based inspection mode and a flow-based inspection mode. find out in this video
An NSE4 training
My Books
---------------------------------
Fortigate Firewall admin pocket Guide e-book
amzn.to/3ns3Y3e
Fortigate Firewall Security Pocket Guide
amzn.to/3ak0rzu
Fortigate Firewall Diagnostics Pocket Guide
amzn.to/3pO9yOl
MY 7 BEST CYBER /INFOSEC BOOKS
------------------------------------------------------------
1. Windows internals part 1
amzn.to/2ZSdKT9
2. Memory forensics
amzn.to/3mwDJcy
3. malware analysis
amzn.to/33JSkc7
4. the art of invisibility
amzn.to/2RD0RIi
5. cryptography and network security
amzn.to/2FQJp0a
6. attacking network protocols
amzn.to/3kttBiY
7. Machine learning and security
amzn.to/35UgGT9
SERVICES I USE ON MY BUSINESS
-----------------------------------------------------------------------------------------------------------------
MY FORTIGATE FIREWALL
amzn.to/33AjEcV
MY SWITCH
Great, 24 port managed switch from TPlink, surprisingly good. tons of features and cheap
amzn.to/3cJZ9yF
USB CONSOLE CABLE
amzn.to/3mrmCZA
GREAT WIFI EXTENDER
amzn.to/3kwpnHo
MY MACBOOK
amzn.to/3kkp2r6
MY HOME ROUTER
amzn.to/2FGi54U
GREAT CAT6 CABLES OFFER
amzn.to/35DF2jN
My Echo Dot
amzn.to/32z5cm3
Bluehost.com ( great service )
www.bluehost.c...
Like My KZbin Channel? I have a 10$ Fortigate Courses on Udemy!
-----------------------------------------
www.udemy.com/...
www.udemy.com/...
Skillshare 2 month free premium membership: skl.sh/2FuhnXI
**Disclaimer: forti tip is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to www.amazon.com.
Join this channel to get access to perks:
/ @fortitip
www.udemy.com/...

Пікірлер: 15

@FortiTip 3 жыл бұрын

Get FortiTip Stickers Here fortitip.creator-spring.com/

@TestTest-un7mn Жыл бұрын

what if the file being downloaded is 100MB? since it is bigger than 10MB, then Fortigate in proxy mode is not able to buffer it??? many thanks.

@FortiTip Жыл бұрын

Hi, you can change the buffer size

@dezejongeman 3 жыл бұрын

finally a great explanation. only thing missing are the benefits and drawbacks of both. now we know the differance, but not what suits us best.

@FortiTip 3 жыл бұрын

Thanks Robert. I may do another one focusing on when to use what. Thankyou

@sportsboy5935 3 жыл бұрын

very good video, if file size is more than 10mb then 49gate will switch to flow based inspection? do you think its good to enable proxy based inspection as it will overwhelm badly firewall and latency to end useres. in whcih cases we enable this feature ? thanks.

@FortiTip 3 жыл бұрын

Thank you. There are features that you must enable proxy in order to have them ( in fortios 6.4 you will see that in the GUI ) , but in general flow based mode should be enough , unless you really need Avery strict security

@sportsboy5935 3 жыл бұрын

@@FortiTip thanks for your reply.

@elamateurtube 2 жыл бұрын

Hello!! TY for clear explanation. What about the others profiles? it is the same as with AV? do ypu have other videos?

@samir455 3 жыл бұрын

Please remove the music that comes at 00:51. It is very annoying. Otherwise great video.

@shakhriyoryorov4980 3 жыл бұрын

Hi. Can I use rules with flow based and proxy based at once?

@nilleftw 2 жыл бұрын

The flow based part is wrong, at least as of 7.2. The last packet is cached. If a virus is detected, the last packet is dropped. Only if the same connection is made again, are you presented with a replacement/block page. From the NSE4 Fortigate Security (7.2) - Antivirus section: "When a virus is detected on a TCP session where some packets have been already forwarded to the receiver, FortiGate resets the connection and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can’t be opened. The IPS engine also caches the URL of the infected file, so that if a second attempt to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again." If the virus is detected at the start of the connection, the IPS engine sends the block replacement message immediately.

@FortiTip 2 жыл бұрын

When I did the video the latest version was 6.2

@MohamedAHMED-if1pb 3 жыл бұрын

Hello, I have question about IPsec site to site, For example if my peer use only public IP for remote , can I for my phase two to encrypt this IP public ? If the partenaire only dacenter that use only public IP . I have to connect to this server (IP pub), how I can do if the peer gateway and my phase 2 have same IP pub ?

@MohamedAHMED-if1pb 3 жыл бұрын

It that possible ? No problem with route or else ?