Fortinet 224B manual NAT vs. Transparent mode, NAT mode

Page 15


Configuring	NAT vs. Transparent mode

Configuring

This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways you can configure the FortiGate unit, using the web-based manager or the command line interface (CLI). This section will step through using both methods. Use whichever you are most comfortable with.

This section includes the following topics:

•NAT vs. Transparent mode

•Connecting to the FortiGate unit

•Verify the configuration

•Backing up the configuration

•Additional configuration

NAT vs. Transparent mode

The FortiGate unit can run in two different modes, depending on your network infrastructure and requirements. You have a choice between NAT/Route mode and Transparent mode. Both include the same robust network security features such as antispam, antivirus, VPN and firewall policies.

NAT mode

In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets.

In NAT mode, each port is on a different subnet, enabling you to have a single IP address available to the public Internet. The FortiGate unit performs network address translation before it sends and receives the packet to the destination network.

In Route mode, there is no address translation.

Figure 4: FortiGate unit in NAT mode

Internet	204.23.1.5	192.168.1.99
Internet

Router

NAT mode policies controlling traffic between internal and external networks.

Internal network

192.168.1.20

You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network, usually the Internet.

FortiGate-224B FortiOS 3.0 MR6 Install Guide
01-30006-0451-20080815	15

Image 15

Contents Install G U I D E Regulatory compliance TrademarksContents FortiGate Firmware Advanced configurationInstalling firmware from a system reboot using the CLI Testing new firmware before installingIndex Page Register your FortiGate unit IntroductionAbout the FortiGate-224B About this documentDocument conventions Typographic conventions Further ReadingCustomer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation Environmental specifications InstallingGrounding Rack mount instructionsMounting Installed mounting brackets To install the FortiGate unit into a rackPlugging in the FortiGate Connecting to the networkTo power on the FortiGate unit To power off the FortiGate unitNAT mode NAT vs. Transparent modeTo connect to the web-based manager Connecting to the FortiGate unitTransparent mode Connecting to the web-based managerTo connect to the CLI Connecting to the CLITo configure interfaces Go to System Network Interface Configuring NAT modeUsing the web-based manager Configure the interfacesAdding a default route and gateway Configure a DNS serverAdding firewall policies To modify the default gateway Go to Router StaticUsing the CLI To set an interface to use a static addressTo set an interface to use Dhcp addressing To set an interface to use PPPoE addressing To configure DNS server settingsTo add an outgoing traffic firewall policy To modify the default gatewayConfiguring Transparent mode Switching to Transparent modeTo switch to Transparent mode Go to System Status Source Address All Destination Interface To switch to Transparent mode Backing up the configuration Verify the configurationSet the time and date Restoring a configurationAdditional configuration Set the Administrator passwordUpdating antivirus and IPS signatures Configure FortiGuardAdditional configuration Protection profiles Advanced configurationFirewall policies Firewall policiesAntivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Downloading firmware FortiGate FirmwareUsing the web-based manager Upgrading the firmwareReverting to a previous version Backup and Restore from a USB key Using the USB Auto-InstallTo revert to a previous firmware version To upgrade the firmware using the CLI Using the CLITo revert to a previous firmware version using the CLI Execute restore image namestr tftpip4Execute restore image namestr tftpipv4 Installing firmware from a system reboot using the CLIPress any key to display configuration menu To install firmware from a system rebootTo backup configuration using the CLI Restoring the previous configurationAdditional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI To test the new firmware image Testing new firmware before installingTesting new firmware before installing Testing new firmware before installing Index Web filtering 35 web-based manager Page Page