Which inspection mode does FortiGate use for application profiles in a profile-based NGFW?

In a profile-based Next-Generation Firewall (NGFW) configuration, FortiGate utilizes flow-based inspection as the mode for application profiles. This method of inspection is designed to efficiently process traffic by analyzing packet flows instead of individual packets. Flow-based inspection allows the FortiGate unit to maintain state information while performing deep packet inspection within that flow.

By using flow-based inspection, the FortiGate can identify applications more effectively, apply security policies, and conduct other security functions, such as intrusion prevention and antivirus scanning. This approach tends to provide lower latency and higher throughput compared to other inspection methods because it does not require the overhead of establishing separate sessions for each individual packet.

Understanding flow-based inspection is crucial as it enables the firewall to handle more traffic efficiently while still delivering comprehensive threat protection and visibility into application usage. This means that while other inspection methods may have their place, flow-based inspection aligns closely with FortiGate's design for handling bulk and varied traffic in real-time environments, particularly in profile-based settings.