Getting started
Planning the FortiGate configuration
NAT/Route mode standalone configuration
FortiGate-4000 Installation Guide
Before you configure the FortiGate-4000 units in the FortiGate-4000 chassis, you
need to plan how to integrate them into your network. Among other things, you must
decide whether you want the FortiGate-4000 units to be visible to the network, which
firewall functions you want to provide, and how you want them to control the traffic flowing
between FortiGate-4000 unit interfaces.
This section contains overviews for installing a FortiGate-4000 unit with the following
configurations:
• NAT/Route mode standalone configuration
• Transparent mode standalone configuration
• FortiGate-4000 HA configuration
• FortiGate-4000 units with external load balancers
In NAT/Route mode standalone configuration, each FortiGate-4000 unit in the
FortiGate-4000 chassis operates as a separate NAT/Route mode FortiGate-4000
antivirus firewall. Each of these FortiGate-4000 units is visible to the network it is
connected to. The internal and external interfaces of each FortiGate-4000 unit must
be on different subnets.
For each FortiGate-4000 unit, the following interfaces are available for processing
network traffic in NAT/Route mode:
• External: the interface to the external network (usually the Internet).
• Internal: the interface to the internal network.
In addition, the 10/100 out-of-band management interface is available for out-of-band
management. The out-of-band management IP address must not be on the same
subnet as the internal or external interfaces.
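The subnet rules above can be checked against an addressing plan before any unit is configured. The following is an added example, not part of the installation guide; the unit names, addresses, and function names are constructed for illustration. It flags any unit whose internal, external, and out-of-band management subnets overlap, including the case where the prefix lengths differ.

```python
import ipaddress
from itertools import combinations

# Constructed planning sheet: one entry per unit in the chassis.
# All names and addresses are sample values, not taken from the guide.
PLAN = {
    "unit-1": {"internal": "192.168.1.99/24",
               "external": "203.0.113.10/28",
               "oob_mgmt": "10.10.10.1/24"},
    # External address falls inside the internal /24 (192.168.2.128/25).
    "unit-2": {"internal": "192.168.2.99/24",
               "external": "192.168.2.200/25",
               "oob_mgmt": "10.10.10.2/24"},
    # Management /16 contains the internal /24.
    "unit-3": {"internal": "172.16.5.1/24",
               "external": "198.51.100.2/30",
               "oob_mgmt": "172.16.0.9/16"},
}

ROLES = ("internal", "external", "oob_mgmt")


def check_unit(addresses):
    """Return the (role_a, role_b) pairs whose subnets overlap.

    ip_interface() accepts a host address with a prefix length and derives
    the containing network. A malformed address raises ValueError.
    """
    nets = {r: ipaddress.ip_interface(addresses[r]).network for r in ROLES}
    # overlaps() catches identical subnets and one subnet nested in another.
    return [(a, b) for a, b in combinations(ROLES, 2)
            if nets[a].overlaps(nets[b])]


def check_plan(plan):
    """Map each unit name to its conflicting pairs (empty list means OK)."""
    return {unit: check_unit(addrs) for unit, addrs in plan.items()}


if __name__ == "__main__":
    for unit, conflicts in check_plan(PLAN).items():
        if not conflicts:
            print(f"{unit}: OK")
        for a, b in conflicts:
            print(f"{unit}: {a} and {b} share a subnet")
```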
You can add firewall policies to control whether communications through the
FortiGate-4000 unit operate in NAT or Route mode. Firewall policies control the flow
of traffic based on the source address, destination address, and service of each
packet. In NAT mode, the FortiGate-4000 unit performs network address translation
before it sends the packet to the destination network. In Route mode, there is no
translation.
By default, the FortiGate-4000 unit has a NAT mode firewall policy that allows users
on the internal network to securely download content from the external network. No
other traffic is possible until you have configured further firewall policies.
You typically use NAT/Route mode when the FortiGate-4000 unit is operating as a
gateway between private and public networks. In this configuration, you would create
NAT mode firewall policies to control traffic flowing between the internal, private
network and the external, public network (usually the Internet).
01-28004-0028-20040830