Configuring
Configuring
Planning the FortiGate configuration
NAT/Route mode
FortiGate-3016B, FortiGate-3600A and FortiGate-3810A FortiOS 3.0 MR5 Install Guide
01-30005-0343-20071113
This section provides an overview of the operating modes of the FortiGate unit.
Before beginning to configure the FortiGate unit, you need to plan how to
integrate the unit into your network. Your configuration plan depends on the
operating mode you select: NAT/Route mode or Transparent mode.
This section includes the following topics:
•
Planning the FortiGate configuration
•
Preventing the public interface from responding to ping requests
•
NAT/Route mode installation
•
Transparent mode installation
•
Next Steps
Before you can configure the FortiGate unit, you need to plan how to integrate the
unit into the network. Among other things, you must decide whether you want the
unit to be visible to the network, which firewall functions you want it to provide,
and how you want it to control the traffic flowing between its interfaces.
Your configuration plan depends on the operating mode you select. You can
configure the FortiGate unit in one of two modes: NAT/Route mode (the default)
or Transparent mode.
You can also configure the FortiGate unit and the network it protects using the
default settings.
In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all
its interfaces are on different subnets.
You can add firewall policies to control whether communications through the
FortiGate unit operates in NAT or Route mode. Firewall policies control the flow of
traffic based on the source address, destination address, and service of each
packet. In NAT mode, the FortiGate unit performs network address translation
before it sends the packet to the destination network. In Route mode, there is no
address translation.
You typically use NAT/Route mode when the FortiGate unit is operating as a
gateway between private and public networks. In this configuration, you would
create NAT mode firewall policies to control traffic flowing between the internal,
private network and the external, public network (usually the Internet).
Note: If you have multiple internal networks, such as a DMZ network in addition to the
internal, private network, you could create route mode firewall policies for traffic flowing
between them.
Planning the FortiGate configuration
29