The checks performed by a Fortigate unit can be summarized in four different levels of control. If any step inside the different layers containing a blocking rule is met, the data package would be discarded. These levels are as follows:
Ingress: Ingress filtering controls the incoming traffic to protect the network from security risks. Controls related to DOS (Denial of service), IPSEC (IP Security) destination, and routing are performed at the Ingress level.
Stateful Inspection engine: Stateful inspection enables the FortiGate firewall to maintain context with active sessions. If a packet is a part of an existing session, the packet will traverse the device with no additional control. If a packet does not match an existing connection, it will be evaluated according to the firewall rules. The Stateful Inspection engine includes user authentication, traffic shaping, session tracking, and policy lookup.
UTM scanning: FortiGate units are pre-configured...