What comes first on FortiGate: routing or security actions?

In this case, the destination is more important than the journey.

This is part of an on-going series in cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.

Today's article is very brief, but it covers something that warrants attention. It starts with a deceptively simple question: when a FortiGate firewall receives network traffic on an interface, what comes next – routing or security actions?

While it's tempting to consider security actions as the immediate next step, it's actually routing. That's right: routing takes place before nearly all security features on the FortiGate. This includes security functions like:

  • Policy evaluation
  • Deep packet inspection
  • Source NAT (SNAT)

Another way to think of it: most FortiGate security functions depend on the outgoing (egress) interface. The firewall needs to know which local interface the traffic would leave through before it can decide what security measure to apply.
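To make that dependency concrete, here is a small added model of the ordering (my own illustration, not FortiGate code): a route lookup picks the egress interface first, and only then can a policy keyed on the (ingress, egress) pair be matched and SNAT applied. The route table, policies and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str   # destination network, e.g. "10.0.0.0/8"
    iface: str    # egress interface for that network

@dataclass
class Policy:
    srcintf: str
    dstintf: str
    src: str
    dst: str
    action: str   # "accept" or "deny"
    nat: bool = False  # apply SNAT to the egress interface address

# Constructed sample tables (not a real FortiGate configuration)
ROUTES = [Route("0.0.0.0/0", "wan1"), Route("10.0.0.0/8", "port2"),
          Route("10.20.0.0/16", "port3")]
POLICIES = [
    Policy("port1", "wan1", "192.168.1.0/24", "0.0.0.0/0", "accept", nat=True),
    Policy("port1", "port2", "192.168.1.0/24", "10.0.0.0/8", "accept"),
]
IFACE_ADDR = {"wan1": "203.0.113.10"}  # address used for SNAT on wan1

def route_lookup(dst_ip, routes):
    """Longest-prefix match: decides the egress interface before any policy is read."""
    best = None
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if ipaddress.ip_address(dst_ip) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.iface)
    return best[1] if best else None

def policy_lookup(srcintf, dstintf, src_ip, dst_ip, policies):
    """First policy whose interface pair and address ranges match; None means implicit deny."""
    for p in policies:
        if (p.srcintf == srcintf and p.dstintf == dstintf
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(p.dst)):
            return p
    return None

def forward(ingress, src_ip, dst_ip):
    """Routing first, then policy, then SNAT. Returns (egress, action, source after NAT)."""
    egress = route_lookup(dst_ip, ROUTES)
    if egress is None:
        return (None, "deny", src_ip)  # no route: nothing to evaluate a policy against
    pol = policy_lookup(ingress, egress, src_ip, dst_ip, POLICIES)
    if pol is None or pol.action != "accept":
        return (egress, "deny", src_ip)
    return (egress, "accept", IFACE_ADDR[egress] if pol.nat else src_ip)
```

Note that traffic to 10.20.1.1 is denied even though a policy allows 10.0.0.0/8: routing chose port3, and no policy exists for the port1 to port3 pair, so the policy engine never sees a match.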

Easy peasy, right? For additional info and reference, check out these docs:

FortiGate Packet Flow: Ingress And Egress » Network Interview
Introduction | Parallel Path Processing (Life of a Packet)