Getting started Planning the FortiGate configuration
FortiGate-50A Installation Guide 01-28005-0017-20041101 21
NAT/Route mode
In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its
interfaces are on different subnets. The following interfaces are available in
NAT/Route mode:
• External is the interface to the external network (usually the Internet).
• Internal is the interface to the internal network.
You can add firewall policies to control whether communications through the FortiGate
unit operate in NAT or Route mode. Firewall policies control the flow of traffic based
on the source address, destination address, and service of each packet. In NAT
mode, the FortiGate unit performs network address translation before it sends the
packet to the destination network. In Route mode, there is no address translation.
You typically use NAT/Route mode when the FortiGate unit is operating as a gateway
between private and public networks. In this configuration, you would create NAT
mode firewall policies to control traffic flowing between the internal, private network
and the external, public network (usually the Internet).
Figure 6: Example NAT/Route mode network configuration
Transparent mode
In Transparent mode, the FortiGate unit is invisible to the network. Similar to a
network bridge, all FortiGate interfaces must be on the same subnet. You only have to
configure a management IP address so that you can make configuration changes.
The management IP address is also used for antivirus and attack definition updates.
You typically use the FortiGate unit in Transparent mode on a private network behind
an existing firewall or behind a router. The FortiGate unit performs firewall functions,
IPSec VPN, virus scanning, IPS, web content filtering, and Spam filtering.
Figure 7: Example Transparent mode network configuration
FortiGate-50A Unit
in NAT/Route mode
Internal network
Internal
192.168.1.99
192.168.1.3
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
POWER
Internet
INTERNAL EXTERNAL
LINK 100 LINK 100
PWR
STATUS
A
Internal network
10.10.10.3
FortiGate-50A Unit
in Transparent mode
10.10.10.1
Management IP
External
Internal
10.10.10.2
Transparent mode policies
controlling traffic between
internal and external networks
204.23.1.5
(firewall, router)
Gateway to
public network
Internet
INTERNAL EXTERNAL
LINK 100 LINK 100
PWR
STATUS
A
To Next Page
Loading...
