Configuring the FortiGate unit Planning the FortiGate configuration
FortiGate-3000 and FortiGate-3600 FortiOS 3.0MR4 Install Guide
01-30004-0270-20070215 33
Figure 7: Example NAT/Route multiple internet connection configuration
Transparent mode
In Transparent mode, the FortiGate unit is invisible to the network. Similar to a
network bridge, all FortiGate interfaces must be on the same subnet. You only
have to configure a management IP address to make configuration changes. The
management IP address is also used for antivirus and attack definition updates.
You typically use the FortiGate unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate unit performs firewall
functions, IPSec VPN, virus scanning, IPS, web filtering, and spam filtering.
You can connect up to six network segments to the FortiGate unit to control traffic
between these network segments:
Figure 8: Example Transparent mode network configuration.
[Figure 7 diagram not reproduced. Labels: Internet; External; Port 2; Internal; Port 1; Internal network; DMZ network; "NAT mode policies controlling traffic between internal and external networks." Addresses shown: 204.23.1.5, 64.83.32.45, 10.10.10.2, 10.10.10.23, 192.168.1.1, 192.168.1.18.]
Table 10: Transparent mode network segments
FortiGate Unit    Internal Interface    External Interface    Other
FortiGate-3000    Internal              External              Port 1 to 4/HA
FortiGate-3600    Internal              External              Port 1 to 5/HA
Note: When you are installing an HA cluster, Port 4/HA can connect to other FortiGate-3000
units and Port 5/HA can connect to other FortiGate-3600 units.
[Figure 8 diagram not reproduced. Labels: Internet; Router (or public switch); Gateway to public network; External; Internal; Management IP; Internal network; "Transparent mode policies controlling traffic between internal and external networks." Addresses shown: 204.23.1.5, 10.10.10.2, 10.10.10.3, 10.10.10.1.]