Why is the user unable to receive a block replacement message when downloading an infected file?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

The user is unable to receive a block replacement message when downloading an infected file due to the use of flow-based inspection. In flow-based inspection mode, the FortiGate firewall processes packets in a way that allows for high throughput and low latency. However, this method has limitations regarding how it can manage certain types of traffic, particularly in delivering proper control messages.

When flow-based inspection is employed, if a file is determined to be infected during the download process, the firewall resets the last packet of the connection instead of blocking the file and sending a replacement message. This reset action effectively terminates the download, and the user does not receive a notification or an alternate replacement message that explains the block.

In contrast, if proxy-based inspection were used, the FortiGate could inspect the file in its entirety before it is delivered to the user. In this mode, once a malicious file is identified, the firewall can provide a block replacement message, informing the user why the download has been interrupted. Thus, for a block replacement message to be issued, proxy-based inspection would be necessary, making flow-based inspection unsuitable for this requirement.
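As an added illustration (not part of the original explanation or of Fortinet's documentation), the FortiOS CLI fragment below shows where the inspection mode is set when moving a policy from flow-based to proxy-based antivirus scanning. The policy ID `1` and the profile name `av-proxy` are placeholders chosen for this example.

```fortios
# Constructed example: policy ID 1 and profile name "av-proxy" are placeholders.

# Antivirus profile that uses the proxy feature set and blocks infected HTTP downloads.
config antivirus profile
    edit "av-proxy"
        set feature-set proxy
        config http
            set av-scan block
        end
    next
end

# Firewall policy switched from flow to proxy inspection,
# with the proxy-mode antivirus profile attached.
config firewall policy
    edit 1
        set utm-status enable
        set inspection-mode proxy
        set av-profile "av-proxy"
    next
end
```

The antivirus profile's `feature-set` has to match the policy's `inspection-mode`; a profile left on the flow feature set cannot be selected on a proxy-mode policy.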

The context around the other options includes various factors that do not directly affect the delivery of the block replacement message as much
