Planning The Fortigate Configuration; Nat/Route Mode - Fortinet FortiGate FortiGate-800 Installation And Configuration Manual
Fortinet network device installation and configuration guide
Hide thumbs
Also See for FortiGate FortiGate-800:
- Administration manual (392 pages) ,
- Install manual (64 pages) ,
- Technical note (12 pages)
Table of Contents
Advertisement
Planning the FortiGate configuration
Planning the FortiGate configuration
NAT/Route mode
36
Before you configure the FortiGate unit, you need to plan how to integrate the unit into
the network. Among other things, you must decide whether you want the unit to be
visible to the network, which firewall functions you want it to provide, and how you
want it to control the traffic flowing between its interfaces.
Your configuration plan depends on the operating mode that you select. The FortiGate
unit can be configured in one of two modes: NAT/Route mode (the default) or
Transparent mode.
In NAT/Route mode, the unit is visible to the network. Like a router, all its interfaces
are on different subnets. The following interfaces are available in NAT/Route mode:
•
External is the interface to the external network (usually the Internet).
•
Internal is the interface to the internal network.
•
DMZ is the interface to the DMZ network.
•
HA is the interface used to connect to other FortiGate-500s if you are installing an
HA cluster
•
Interfaces 1 to 4 can be connected to other networks.
You can add security policies to control whether communications through the
FortiGate unit operate in NAT or Route mode. Security policies control the flow of
traffic based on the source address, destination address, and service of each packet.
In NAT mode, the FortiGate unit performs network address translation before it sends
the packet to the destination network. In Route mode, there is no translation.
By default, the FortiGate unit has a NAT mode security policy that allows users on the
internal network to securely download content from the external network. No other
traffic is possible until you have configured further security policies.
You typically use NAT/Route mode when the FortiGate unit is operating as a gateway
between private and public networks. In this configuration, you would create NAT
mode policies to control traffic flowing between the internal, private network and the
external, public network (usually the Internet).
If you have multiple internal networks, such as a DMZ network in addition to the
internal, private network, you could create route mode policies for traffic flowing
between them.
Figure 4: Example NAT/Route mode network configuration
Internet
FortiGate-800 Unit
in NAT/Route mode
External
204.23.1.5
I N T E R N A L
Esc
Enter
P W R
8
NAT mode policies controlling
traffic between internal and
external networks.
Internal network
Internal
192.168.1.99
E X T E R N A L
D M Z
HA
1
2
3
4
CONSOLE
USB
DMZ
DMZ network
10.10.10.1
Getting started
192.168.1.3
Route mode policies
controlling traffic between
internal networks.
10.10.10.2
Fortinet Inc.
- Quick Links:
- Connecting to the Web-Based Manager
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the FortiGate FortiGate-800 and is the answer not in the manual?