High-level list of processes that affect packets

In general, packets passing through a FortiGate unit can be affected by the following processes. This is a complete high-level list of all of the processes. Not all packets see all of these processes. The processes a packet encounters depend on the type of packet and on the FortiGate software and hardware configuration.


Ingress packet flow

  • Network Interface
  • TCP/IP stack
  • DoS ACL
  • DoS Policy
  • IP integrity header checking
  • IPsec VPN decryption

Admission Control

  • Quarantine
  • FortiHeartBeat
  • User Authentication


  • Destination NAT
  • Routing
  • Stateful inspection/Policy
  • Lookup/Session management
  • Session Helpers
  • User Authentication
  • Device Identification
  • Local Management Traffic



  • Flow-based inspection
  • NTurbo
  • IPSA
  • Proxy-based inspection


  • Forwarding
  • Source NAT (SNAT)

Egress packet flow

  • IPsec VPN Encryption
  • Botnet check
  • Traffic shaping
  • WAN Optimization
  • TCP/IP stack
  • Network Interface

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
