Transparent Mode - Fortinet FortiGate FortiGate-1000 Install Manual

Configuring the FortiGate unit

Transparent mode

FortiGate-200, FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-1000 FortiOS 3.0 MR4 Install Guide
01-30004-0267-20070215
Figure 10: NAT/Route multiple internet connection for a FortiGate-300.
External
204.23.1.5
Internet
DMZ
64.83.32.45
In Transparent mode, the FortiGate unit is invisible to the network. Similar to a
network bridge, all FortiGate interfaces must be on the same subnet. You only
have to configure a management IP address so that you can make configuration
changes. The management IP address is also used for antivirus and attack
definition updates.
You typically use the FortiGate unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate unit performs firewall
functions, IPSec VPN, virus scanning, IPS web filtering, and Spam filtering.
You can connect several network segments to the FortiGate unit to control traffic
between these network segments. Depending on the FortiGate unit, you can
connect up to twelve network segments.
Table 13: Transparent mode network segments
FortiGate Unit Internal Interface
FortiGate-200 Internal
FortiGate-300 Internal
FortiGate-400 Port 1
FortiGate-500 Internal
FortiGate-1000 Internal
Figure 11: Example Transparent mode configuration for a FortiGate-500.
Gateway to public network
204.23.1.5 10.10.10.2
Internet
Router
Planning the FortiGate configuration
Internal
FortiGate-300 unit
in NAT/Route mode
NAT policies controlling
traffic between internal
and external networks.
External Interface
External
External
Port 2
External
External
FortiGate-500 unit
in Transparent mode
Internal
External
10.10.10.1
Management IP
Policies controlling traffic between
internal and external networks.
Internal
network
192.168.1.3
Other
DMZ
DMZ
HA
Port 3
Port 4/HA
DMZ
HA
Ports 1 to 8
Port 1
Port 2
Port 3
Port 4/HA
Internal Network
10.10.10.3
33