42 01-28004-0028-20040830 Fortinet Inc.
Planning the FortiGate configuration Getting started
Figure 18: Example NAT/Route mode standalone network configuration
Transparent mode standalone configuration
In Transparent mode standalone configuration, each FortiGate-4000 unit in the
FortiGate-4000 chassis operates as a separate Transparent mode FortiGate-4000
antivirus firewall. Each of these FortiGate-4000 unit is invisible to the network. Similar
to a network bridge, the FortiGate internal and external interfaces must be on the
same subnet. You only have to configure a management IP address so that you can
make configuration changes. The management IP address is also used for antivirus
and attack definition updates.
In addition, the 10/100 out of band management interface is available for out of band
management. The out of band management IP address must not be on the same
subnet as the management IP address.
You typically use a FortiGate-4000 unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate-4000 unit performs
firewall functions as well as antivirus and content scanning but not VPN.
The following interfaces are available in Transparent mode:
• External: the interface to the external network (usually the Internet).
• Internal: the interface to the internal network.
Figure 19: Example Transparent mode standalone network configuration
Internal network
192.168.1.3
External
204.23.1.5
NAT mode policies controlling
traffic between internal and
external networks.
Internet
FortiGate-4000 unit
in NAT/Route mode
Internal
192.168.1.99
POWER ON/OFF
LAN 1 LAN 2
PWR/KVMSTATUS
KVM/ACCESS
Internal network
192.168.1.3
204.23.1.5
Transparent mode policies controlling
traffic between internal and
external networks.
Internet
FortiGate-4000 unit
in Transparent mode
Internal
192.168.1.2
Management IP
192.168.1.1
External
(Firewall, router)
Gateway to
public newtwork
POWER ON/OFF
LAN 1 LAN 2
PWR/KVMSTATUS
KVM/ACCESS
To Next Page
Loading...
