FortiGate Version 4.0 Desktop Install Guide
01-400-95522-20090501 11
http://docs.fortinet.com/ • Feedback
Configuring
This section provides an overview of the two operating modes of the Fortinet unit,
NAT/Route and transparent, and explains how to configure the unit for each mode. You
can configure the unit in two ways: through the web-based manager or through the
command line interface (CLI). This section steps through both methods. Use whichever
you are most comfortable with.
This section includes the following topics:
• NAT vs. transparent mode
• Connecting to the FortiGate unit
• Verifying the configuration
• Backing up the configuration
• Restoring a configuration
• Additional configuration
NAT vs. transparent mode
The Fortinet unit can run in two different modes, depending on your network infrastructure
and requirements. You can choose between NAT/Route mode and transparent mode.
Both include the same robust network security features such as antispam, antivirus, VPN
and firewall policies.
NAT mode
In NAT/Route mode, the Fortinet unit is visible to the network. As with a router, all
of its interfaces are on different subnets.
In NAT mode, each port is on a different subnet, enabling you to have a single IP address
available to the public Internet. The Fortinet unit performs network address translation
before sending the packet to the destination network or receiving a packet from the
destination network.
In Route mode, there is no address translation.
Figure 1: Fortinet unit in NAT mode
You typically use NAT/Route mode when the Fortinet unit is operating as a gateway
between private and public networks. In this configuration, you would create NAT mode
firewall policies to control traffic flowing between the internal, private network and the
external, public network, usually the Internet.
In this guide, unless otherwise stated, references to NAT mode apply to both NAT and
Route mode.
[Figure: network diagram. Labels: Internet; Router; External; Internal; 10.10.10.2; 192.168.1.99; Hub or Switch; Internal Network 192.168.1.X; "Transparent mode policies controlling traffic between internal and external networks"]