Which engine handles application control traffic on the next-generation firewall FortiGate?

The application control feature of FortiGate firewalls operates using the Intrusion Prevention System (IPS) engine. This engine is designed to analyze and manage traffic patterns at a deeper level, allowing it to identify and control applications based on their signatures and behaviors, ensuring that unwanted or malicious applications can be blocked, restricted, or monitored.

The IPS engine can inspect traffic flows in real-time, enabling FortiGate to apply policies based on application types rather than just ports or protocols. This approach enhances security as it allows for better enforcement of security policies and compliance requirements, providing granular control over applications that traverse the network.

The other options, while important components of the FortiGate firewall, do not specifically handle application control traffic. The firewall engine primarily manages filtering based on rules and policies, the routing engine is focused on directing data packets through the network, and the web filtering engine is specifically designed for controlling web traffic based on URLs and content categories. Therefore, the IPS engine is the correct choice for handling application control traffic.