What a great explanation of Packet Flow. Loved it. Thank you.

Bro! You just saved me a good deal of time as I've been pondering why my custom signatures were not working like how so many people described on the web. Well with your indepth explanation, you made it so clear and gave me a vision and long story short, because the IPS doesn't kick in until after the session is added to the session table, other things could be blocking my packet before it hit the IPS. Which was the case. As soon as I create a policy and put it above all the others and pretty much made it wide open to test, bingo! I can't thank you enough for the work you did, this was wonderful.

Great video. The main reason, why routing has to be done before the FW policy is, that the routing determines the involved interfaces, especially the egress interface which is key to determine the matching policy as we have the incoming (ingress) and outgoing (egress) interfaces, which are mandatory elements for a FW policy. This shows, that routing is key, also in terms of firewall policies. It's a good rule of thumb: "Always check the routing first" when dealing with weird firewall behaviors.

Very nice explanation sir, sharing good knowledge

Sir it's my feedback Really cool and crystal clear session for upcoming TAC engineer of fortigate also information that your gathered show the effort of you thanks a lot sir........

Brother, I always like your Video.No one should dislike it as far as Networking is concerned.

Slow path process :- 1>DNAT , 2> Routing , 3> Policy , 4>SNAT .... 2nd Question answers :- if there will be no routing in that case.. no use of policy lookup .. so by doing routing lookup we are not much consuming CPU Utilization of firewall ... Thank u so much for explaining it :)

Thanks sir, i was trying to understand fortigate packet flow from fortigate page itself but did'nt understand. Your way of explanation is easy to understand, super explanation. Again thanks sir!

Superb bro..well done. much helpful.

Much appreciated, greetings from Vienna

Awesome brother, great explanation, can you make another showing differences between application,dns and web filter. Explaining in detail when to use which filter. Can you explain how SDWAN rules can impact the SNAT selection in policy

good bro ! policy will be the first counter for all the traffic before it moves to NAT and Security

Greeting, Technical_Scoop. extremely picturesque video. thanks. :)

The route is before Policy because after Routing, specify the Policy ,based on the outgoing interface

Wonderful bro its really very informative need more troubleshooting videos ...

From Fortinet documentation. Security Processing Units (SPUs) includes NPUs and CPs. That means there are two types of SPUs, which are NPUs and CPs. Not sure if that is correct

Thank you sir, this video is very helpful

Wonderful Bro !!

Do you have explaination about NTurbo and IPSA? I'm struggling trying to understand that feature.

Fantastic explanation. Could you please share the traffic flow diagram which you explain here.

Sir where in the picture is SD-WAN taking place?

Very helpful 👍, thank you.

Great content!!

Great explanation. Thanks or this knowledge.

In the slow path it checks the DNAT, Routing , Policy Lookup, SNAT

25:10 What is slow path chkng proccess? 1 DNAT 2. ROUTING 3 POLICY 4 SNAT

You king sir! Thank you very much for this Video. If you would have had a good Microphone I would rate this Video 11/10!

Your Explanation was very deep, awezome video. I have a question for you, if i have an specific Firewalls rule at the end, saying ¨Deny any any", and prior that rules execute i have some other App rule (let say office365 for example) the Application control Will not be able to detect the Application because of the "deny" rule it Will not be able to complete the 3way handshake therefore there is no flow to catch? im Right?

how can i enroll for other videos

Love the video! Would it be possible to share the flow chart you made? Want to use it as my background, to have a quick peak when needed.

Good explaination

Very helpful thanks 👏

could you please focus on fast path steps in deep?

Hello Sir. Thank you for the content. But I have one question. Where is the DNAT happening for Fast Path?

Just a Question. You said that every packet gets handeld first by the CPU. But not in the Case of DDos right? Then de SP would block it before passing the traffic to the CPU? Or other related IPS things?

where does urpf happen in packet flow ?

You gained a subsciber thanks for awesome content

Awesome

Hi, Which command I should ran to check this flow of packets on my device

sir thanks ...

excellent

Really nice

Hello , Do you have full Forti gate videos , if nor here on other platform , Please let me know

Thank you

JAI SHREE RAM🙏

Hey, great video. It's possible to share the powerpoint or the images of this presentation. If i try to reach the source image, i got http 404. Thanks in advance.

hello, do you share that power point doc?

If Destination NAT is verified before security policy check then why in WAN to LAN security policy, under Destination Address Public IP is given. why cant we directly give Private IP address. My doubt is not only for Fortigate but also for other firewalls like Sonicwall & Paloalto also.

Pls share the flow chart

sir please upload the flow chart in HD Format

Are you teaching over the Skype or zoom

IPS LOGS, APP LOGS, WEBFILTER Logs are not visible kindly Share the screenshot.

one dislike may be a child when his father watching the video the child could have click it.

25:11 Question Why routing before policy ? Ans Because in an Firewall it has lot of policies it means utilize cpu n latency so it will check first routing its ec and also it's crct path

pls activate windows