NAT vs. Transparent mode, NAT mode | Fortinet 224B manual


Configuring	NAT vs. Transparent mode

Configuring

This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways you can configure the FortiGate unit, using the web-based manager or the command line interface (CLI). This section will step through using both methods. Use whichever you are most comfortable with.

This section includes the following topics:

•NAT vs. Transparent mode

•Connecting to the FortiGate unit

•Verify the configuration

•Backing up the configuration

•Additional configuration

NAT vs. Transparent mode

The FortiGate unit can run in two different modes, depending on your network infrastructure and requirements. You have a choice between NAT/Route mode and Transparent mode. Both include the same robust network security features such as antispam, antivirus, VPN and firewall policies.

NAT mode

In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets.

In NAT mode, each port is on a different subnet, enabling you to have a single IP address available to the public Internet. The FortiGate unit performs network address translation before it sends and receives the packet to the destination network.

In Route mode, there is no address translation.

Figure 4: FortiGate unit in NAT mode

Internet	204.23.1.5	192.168.1.99
Internet

Router

NAT mode policies controlling traffic between internal and external networks.

Internal network

192.168.1.20

You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network, usually the Internet.

FortiGate-224B FortiOS 3.0 MR6 Install Guide
01-30006-0451-20080815	15

Image 15

Fortinet 224B manual NAT vs. Transparent mode, NAT mode

Contents

Install G U I D E Regulatory compliance Trademarks Contents FortiGate Firmware Advanced configuration Installing firmware from a system reboot using the CLI Testing new firmware before installingIndex Page Register your FortiGate unit Introduction About the FortiGate-224B About this documentDocument conventions Typographic conventions Further Reading Customer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation Environmental specifications Installing Grounding Rack mount instructionsMounting Installed mounting brackets To install the FortiGate unit into a rack Plugging in the FortiGate Connecting to the networkTo power on the FortiGate unit To power off the FortiGate unit NAT mode NAT vs. Transparent mode To connect to the web-based manager Connecting to the FortiGate unitTransparent mode Connecting to the web-based manager To connect to the CLI Connecting to the CLI To configure interfaces Go to System Network Interface Configuring NAT modeUsing the web-based manager Configure the interfaces Adding a default route and gateway Configure a DNS server Adding firewall policies To modify the default gateway Go to Router Static Using the CLI To set an interface to use a static addressTo set an interface to use Dhcp addressing To set an interface to use PPPoE addressing To configure DNS server settings To add an outgoing traffic firewall policy To modify the default gateway Configuring Transparent mode Switching to Transparent modeTo switch to Transparent mode Go to System Status Source Address All Destination Interface To switch to Transparent mode Backing up the configuration Verify the configuration Set the time and date Restoring a configurationAdditional configuration Set the Administrator password Updating antivirus and IPS signatures Configure FortiGuard Additional configuration Protection profiles Advanced configuration Firewall policies Firewall policies Antivirus options Configuring firewall policies AntiSpam options Web filtering Logging Downloading firmware FortiGate Firmware Using the web-based manager Upgrading the firmwareReverting to a previous version Backup and Restore from a USB key Using the USB Auto-InstallTo revert to a previous firmware version To upgrade the firmware using the CLI Using the CLI To revert to a previous firmware version using the CLI Execute restore image namestr tftpip4 Execute restore image namestr tftpipv4 Installing firmware from a system reboot using the CLI Press any key to display configuration menu To install firmware from a system reboot To backup configuration using the CLI Restoring the previous configuration Additional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI To test the new firmware image Testing new firmware before installing Testing new firmware before installing Testing new firmware before installing Index Web filtering 35 web-based manager Page Page