
Getting started | Planning your FortiGate configuration |
|
|
Transparent mode
In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all of FortiGate interfaces must be on the same subnet. You only have to configure a management IP address so that you can make configuration changes. The management IP address is also used for antivirus and attack definition updates.
You would typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewalling as well as antivirus and content scanning but not VPN.
Figure 6: Example Transparent mode network configuration
You can connect up to four network segments to the FortiGate unit to control traffic between these network segments.
•Interface 1 can connect to the internal firewall or router.
•Interface 2 can connect to the external network.
•Interface 3 can connect to another network.
•Interface 4/HA connect to another network. Interface 4/HA can also connect to other
Configuration options
Once you have selected Transparent or NAT/Route mode operation, you can complete your configuration plan, and begin configuring the FortiGate unit.
You can use the
Setup Wizard
If you are configuring the FortiGate unit to operate in NAT/Route mode (the default), the Setup Wizard prompts you to add the administration password and the internal and external interface addresses. Using the wizard, you can also add DNS server IP addresses and a default route for the external interface.
In NAT/Route mode you can also configure the FortiGate to allow Internet access to your internal Web, FTP, or email servers.
If you are configuring the FortiGate unit to operate in Transparent mode, you can switch to Transparent mode from the
41 |