Transparent Mode; Preventing The Public Interface From Responding To Ping Requests - Fortinet FortiGate FortiGate-3016B Install Manual

Configuring

Transparent mode

Preventing the public interface from responding to ping
requests
FortiGate-3016B, FortiGate-3600A and FortiGate-3810A FortiOS 3.0 MR5 Install Guide
01-30005-0343-20071113
Figure 5: Example NAT/Route mode multiple Internet connection configuration.
Internet
In Transparent mode, the FortiGate unit is invisible to the network. Similar to a
network bridge, all FortiGate interfaces must be on the same subnet. You only
have to configure a management IP address so that you can make configuration
changes. The management IP address is also used for antivirus and attack
definition updates.
You typically use the FortiGate unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate unit performs firewall
functions, IPSec VPN, virus scanning, IPS web content filtering, and Spam
filtering.
Figure 6: Example Transparent mode configuration.
Internet
(or public switch)
The factory default configuration of your FortiGate unit allows the default public
interface to respond to ping requests. The default public interface is also called
the external interface, and is the interface of the FortiGate unit that is usually
connected to the Internet.

Preventing the public interface from responding to ping requests

Port 2
Port 1
Port 3
Port 4
NAT mode policies controlling
traffic between internal
and external networks.
FortiGate-3600A
Router
Transparent mode policies
controlling traffic between
internal and external networks.
Internal
Network
FortiGate-3600A
Internal
network
31