Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 5001A-DW, 5001A-SW manual NAT/Route mode, Transparent mode, Internal Network

Models: 5001A-SW 5001A-DW

1 40

Download 40 pages 49.38 Kb

Page 26

NAT/Route mode

Planning the configuration

Quick Configuration Guide

NAT/Route mode

In NAT/Route mode, the FortiGate-5001A security system is visible to the networks that it is connected to. Each interface connected to a network must be configured with an IP address that is valid for that network. In many configurations, in NAT/Route mode all of the FortiGate interfaces are on different networks, and each network is on a separate subnet.

You would typically use NAT/Route mode when the FortiGate-5001A security system is deployed as a gateway between private and public networks. In the default NAT/Route mode configuration, the FortiGate-5001A security system functions as a firewall. Firewall policies control communications through the FortiGate-5001A security system. No traffic can pass through the FortiGate-5001A security system until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In NAT mode, the FortiGate firewall performs network address translation before IP packets are sent to the destination network. In Route mode, no translation takes place.

Figure 11: Example FortiGate-5001A board operating in NAT/Route mode

	Internet
NAT mode policies
controlling traffic between
internal and external
networks.	port2	FortiGate-5001A board
	204.23.1.2	in NAT/Route mode

port1

192.168.1.99

Internal Network

Transparent mode

In Transparent mode, the FortiGate-5001A security system is invisible to the network. All of the FortiGate-5001A interfaces are connected to different segments of the same network. In Transparent mode you only have to configure a management IP address so that you can connect to the FortiGate-5001A security system to make configuration changes and so the FortiGate-5001A security system can connect to external services such as the FortiGuard Distribution Network (FDN).

	FortiGate-5001A Security System Guide
26	01-30000-83456-20081023

Image 26

Fortinet 5001A-DW, 5001A-SW manual NAT/Route mode, Transparent mode, Internal Network

Contents

FortiGate-5001A-DW Security System GuideFortiGate-5001A FortiGate-5001A-SWWarnings and cautions Using the web-based manager to configure NAT/Route mode Hardware installationQuick Configuration Guide FortiGate-5001A status LED is flashing during system operationUsing the CLI to configure Transparent mode Configuring Transparent modeUsing the web-based manager to configure Transparent mode Powering off the FortiGate-5001A boardFortiGate-5001A security system Front panel LEDs and connectors FortiGate-5001A security system LEDsTable 1 lists and describes the FortiGate-5001A LEDs FortiGate-5001A Security System GuideFabric backplane communication ConnectorsBase backplane communication AMC modules FortiGate-RTM-XB2Figure 5 FortiGate-ASM-FB4 ASM-FB4Removing a FortiGate-5001A board Resetting a FortiGate-5001A board Hardware installationChanging FortiGate-5001A SW11 switch settings Installing and removing AMC modules TroubleshootingStandalone Mode for FortiGate-5020 no Shelf Manager Changing FortiGate-5001A SW11 switch settingsFactory Default Shelf Manager Required SW11FortiGate-5001A boardtop view FortiGate-5001A Front Faceplate To change or verify the SW11 switch settingLocation of SW Open FortiGate-5001A mounting componentsFigure 9 FortiGate-5001A right bottom mounting components Closed Inserting a FortiGate-5001A board To insert a FortiGate-5001A board into a chassis slotAlignment Pin Handle Unlock HandleAlignment Pin Open Handle Lock 9 Turn both handles to their fully-closed positions Removing a FortiGate-5001A board To remove a FortiGate-5001A board from a chassis slotRemoving a FortiGate-5001A board Inserting AMC slot filler panels Inserting AMC modules Resetting a FortiGate-5001A boardInstalling and removing AMC modules Removing AMC modulesInserting AMC modules To install an AMC slot filler panelInserting AMC slot filler panels To insert an AMC module into a FortiGate-5001A boardRemoving AMC modules To remove an AMC module from a FortiGate-5001A boardFortiGate-5001A does not start up TroubleshootingAll chassis Firmware problem Chassis with a shelf manager no communication with shelf managerFortiGate AMC modules not detected by FortiGate-5001A board To remove and reset an AMC moduleFortiGate-5001A status LED is flashing during system operation Registering your Fortinet product Planning the configuration Quick Configuration GuidePlanning the configuration Choosing the configuration tool Factory default settingsInternal Network NAT/Route modeTransparent mode Internal Network Choosing the configuration toolWeb-based manager Command Line Interface CLI Factory default settingsConfiguring NAT/Route mode 1 Go to System Admin Administrators Using the web-based manager to configure NAT/Route modeTo change the admin administrator password To configure interfaces 1 Go to System Network InterfaceTo configure the Default Gateway Using the CLI to configure NAT/Route modeTo configure the Primary and Secondary DNS server IP addresses 1 Go to System Network OptionsConfiguring Transparent mode Using the web-based manager to configure Transparent modeTo change the management interface 1 Go to System Config Operation Using the CLI to configure Transparent modeTo switch from NAT/Route mode to transparent mode To change the admin administrator passwordTo upgrade the firmware using the CLI To upgrade the firmware using the web-based manager4 Under System Information Firmware Version, select Update Upgrading FortiGate-5001A firmwareFortiGate-5001A base backplane data communication 1 Go to System Network Interface To enable base backplane data communication from the FortiGate-5001Aconfig system global set show-backplane-intf enable end FortiGate-5001A fabric backplane data communication 1 Go to System Network InterfaceTo power off a FortiGate-5001A board Powering off the FortiGate-5001A boardTo enable sending heartbeat packets to the FortiSwitch-5003A FortiGate-5001A board is to remove and reinsert itFortiGate-5001A Security System Guide Powering off the FortiGate-5001A boardQuick Configuration Guide 01-30000-83456-20081023Fortinet documentation Customer service and technical supportFor more information Register your Fortinet productTrademarks Regulatory compliance