Fortinet FortiGate-5001FA2 manual NAT/Route mode, Transparent mode


Planning the configuration

Quick Configuration Guide

NAT/Route mode

In NAT/Route mode, the FortiGate-5001FA2 security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

You would typically use NAT/Route mode when the FortiGate-5001FA2 security system is deployed as a gateway between private and public networks. In the default NAT/Route mode configuration, the FortiGate-5001FA2 security system functions as a firewall. Firewall policies control communications through the FortiGate-5001FA2 security system. No traffic can pass through the FortiGate-5001FA2 security system until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the FortiGate firewall performs network address translation before IP packets are sent to the destination network. In Route mode, no translation takes place.

Figure 7: Example FortiGate-5001FA2 board operating in NAT/Route mode

[Figure: FortiGate-5001FA2 module in NAT/Route mode. port2 (204.23.1.2) connects to the Internet; port1 (192.168.1.99) and port3 (10.10.10.1) each connect to an internal network. NAT mode policies control traffic between internal and external networks. Route mode policies control traffic between internal networks.]
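The topology in Figure 7 written out as FortiOS CLI configuration, as an added example that is not taken from the manual: one NAT mode policy from port1 to port2 and one Route mode policy from port1 to port3. The 255.255.255.0 netmasks, the policy IDs 1 and 2, and the use of the `all` address, `always` schedule and `ANY` service are assumptions; lines beginning with `#` are annotations.

```fortios
# Added example. Interface addresses are from Figure 7; netmasks are assumed.
config system interface
    edit port1
        set ip 192.168.1.99 255.255.255.0
    next
    edit port2
        set ip 204.23.1.2 255.255.255.0
    next
    edit port3
        set ip 10.10.10.1 255.255.255.0
    next
end

# Until at least one policy exists, no traffic passes through the unit.
config firewall policy
    # Policy 1 (assumed ID): NAT mode, internal network -> Internet.
    # Source addresses are translated before packets leave port2.
    edit 1
        set srcintf port1
        set dstintf port2
        set srcaddr all
        set dstaddr all
        set schedule always
        set service ANY
        set action accept
        set nat enable
    next
    # Policy 2 (assumed ID): Route mode, internal -> internal.
    # No translation: hosts behind port3 see the original source address.
    edit 2
        set srcintf port1
        set dstintf port3
        set srcaddr all
        set dstaddr all
        set schedule always
        set service ANY
        set action accept
        set nat disable
    next
end
```

Each policy only permits sessions initiated from its source interface, so traffic starting on port3 or port2 stays blocked until a policy for that direction is added. In production, replace `all` and `ANY` with the specific address objects and services each segment needs.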

Transparent mode

In Transparent mode, the FortiGate-5001FA2 security system is invisible to the network. All of the FortiGate-5001FA2 interfaces are connected to different segments of the same network. In Transparent mode you only have to configure a management IP address so that you can connect to the FortiGate-5001FA2 security system to make configuration changes and so the FortiGate-5001FA2 security system can connect to external services such as the FortiGuard Distribution Network (FDN).

 

FortiGate-5001FA2 Security System Guide


01-30000-0379-20080606
