Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 60B manual Configuring, NAT vs. Transparent mode, NAT mode, Additional configuration

Models: 60B

1 66

Download 66 pages 46.82 Kb

Page 15

Configuring


Configuring	NAT vs. Transparent mode

Configuring

This section provides an overview of the operating modes of the FortiGate unit, NAT/Route and Transparent, and how to configure the FortiGate unit for each mode. There are two ways you can configure the FortiGate unit, using the web-based manager or the command line interface (CLI). This section will step through using both methods. Use whichever you are most comfortable with.

This section includes the following topics:

•NAT vs. Transparent mode

•Connecting to the FortiGate unit

•Verify the configuration

•Backing up the configuration

•Additional configuration

NAT vs. Transparent mode

The FortiGate unit can run in two different modes, depending on your network infrastructure and requirements. You have a choice between NAT/Route mode and Transparent mode. Both include the same robust network security features such as antispam, antivirus, VPN and firewall policies.

NAT mode

In NAT/Route mode, the FortiGate unit is visible to the network. Like a router, all its interfaces are on different subnets.

In NAT mode, each port is on a different subnet, enabling you to have a single IP address available to the public Internet. The FortiGate unit performs network address translation before it sends and receives the packet to the destination network.

In Route mode, there is no address translation.

Figure 2: FortiGate unit in NAT mode

Internet	204.23.1.5	192.168.1.99
Internet

Router

NAT mode policies controlling traffic between internal and external networks.

Internal network

192.168.1.20

You typically use NAT/Route mode when the FortiGate unit is operating as a gateway between private and public networks. In this configuration, you would create NAT mode firewall policies to control traffic flowing between the internal, private network and the external, public network, usually the Internet.

FortiGate-60B FortiOS 3.0 MR6 Install Guide
01-30006-0446-20080910	15

Image 15

Fortinet 60B manual Configuring, NAT mode, NAT vs. Transparent mode Connecting to the FortiGate unit

Contents

FortiGate-60B FortiOS 3.0 MR6 I N S T A L L G U I D EFortiGate-60B Install Guide TrademarksRegulatory compliance Customer service and technical support ContentsInstalling ConfiguringVerify the configuration Advanced configurationConfiguring the modem interface Configuring Transparent modeTesting new firmware before installing Configuring the PCMCIA modem cardUsing the web-based manager Installing firmware from a system reboot using the CLIContents FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 Register your FortiGate unit IntroductionAbout the FortiGate-60B About this documentDocument conventions FortiGate QuickStart Guide FortiGate Administration GuideFurther Reading Typographic conventionsFortiGate High Availability User Guide Customer service and technical supportFortinet Knowledge Center Comments on Fortinet technical documentationPlugging in the FortiGate Plugging in the FortiGate InstallingEnvironmental specifications Environmental specifications Cautions and warningsCautions and warnings GroundingRack mount instructions Plugging in the FortiGate Connecting to the networkTo power on the FortiGate unit To power off the FortiGate unit01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install GuideInstalling Turning off the FortiGate unitNAT vs. Transparent mode Connecting to the FortiGate unit ConfiguringNAT vs. Transparent mode NAT modeTo connect to the web-based manager Connecting to the FortiGate unitTransparent mode Connecting to the web-based managerTo connect to the CLI Connecting to the CLITo configure interfaces 1 Go to System Network Interface Configuring NAT modeUsing the web-based manager Configure the interfacesConfigure a DNS server Adding a default route and gatewayTo configure DNS server settings 1 Go to System Network Options To add an incoming traffic firewall policy 1 Go to Firewall Policy To modify the default gateway 1 Go to Router StaticAdding firewall policies To add an outgoing traffic firewall policy 1 Go to Firewall PolicyTo set an interface to use DHCP addressing Using the CLIFor details, see the FortiGate Administration Guide To set an interface to use a static addressTo configure DNS server settings config system interface edit external set mode pppoeset username namestr set password psswrd set ipunnumbered ipaddress set defaultgw enable disable set dns-server-override enable disableAdding firewall policies Configuring Transparent modeTo modify the default gateway To add an outgoing traffic firewall policyConfigure a DNS server Switching to Transparent modeTo switch to Transparent mode 1 Go to System Status Using the web-based managerTo add an outgoing traffic firewall policy 1 Go to Firewall Policy To switch to Transparent modeUsing the CLI Switching to Transparent modeTo add an outgoing traffic firewall policy Configure a DNS serverTo configure DNS server settings Adding firewall policies1 Go to System Maintenance Backup & Restore Verify the configurationBacking up the configuration To back up the FortiGate configurationTo restore the FortiGate configuration Restoring a configurationAdditional configuration Set the Administrator passwordTo update antivirus definitions and IPS signatures Configure FortiGuardTo change the administrator password 1 Go to System Admin Administrators01-30006-0446-20080910 Additional configurationFortiGate-60B FortiOS 3.0 MR6 Install Guide ConfiguringAntiSpam options Web filtering Logging Advanced configurationProtection profiles Protection profiles Firewall policies Antivirus optionsFirewall policies Antivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Selecting a modem mode Configuring modem settings Configuring the modem interfaceSelecting a modem mode Redundant modeStand alone mode Configuring modem settings4 Enter the settings for Dial-up Account 1 settings To configure modem settings 1 Go to System Network ModemYou can configure and use the modem in NAT/Route mode only 2 Select Enable Modem 3 Change any of the dial-up connection settingsSyntax Configuring the modem using the CLIConfiguring the modem using the CLI Configuring the modem interfaceDefault FortiGate-60B FortiOS 3.0 MR6 Install GuideKeywords and variables Configuring the modem using the CLIDefault FortiGate-60B FortiOS 3.0 MR6 Install Guide01-30006-0446-20080910 ExampleConfiguring the modem interface FortiGate-60B FortiOS 3.0 MR6 Install GuideTo add a ping server to an interface To modify the dead gateway detection settingsAdding a Ping Server Dead gateway detectionTo configure the modem 1 Go to System Network Modem Administrative access through the modem portConfiguring the PCMCIA modem card To enable administrative access on the modem interfacewhere 5555 is the pin provided to you by your ISP 8 Select Apply FortiGate Firmware Downloading firmware Using the web-based manager Using the CLIInstalling firmware from a system reboot using the CLI Testing new firmware before installingUpgrading the firmware Using the web-based managerTo upgrade the firmware 4 Under System Information Firmware Version, select Update1 Go to System Maintenance Backup and Restore Backup and Restore from a USB keyUsing the USB Auto-Install To backup configurationexecute ping Using the CLITo configure the USB Auto-Install To upgrade the firmware using the CLITo revert to a previous firmware version using the CLI execute restore image namestr tftpip4execute restore image image.out execute update-nowWhere namestr the IP address of the imagev28.out and Installing firmware from a system reboot using the CLIInstalling firmware from a system reboot using the CLI To install firmware from a system rebootTo backup configuration using the CLI Restoring the previous configurationconfig system interface edit interface set ip addressip4mask set allowaccess pinghttpssshtelnethttp endUsing the USB Auto-Install Additional CLI Commands for a USB keyTo restore configuration using the CLI To configure the USB Auto-Install using the CLITo test the new firmware image Testing new firmware before installingTesting new firmware before installing FortiGate Firmware Testing new firmware before installingFortiGate-60B FortiOS 3.0 MR6 Install Guide 01-30006-0446-2008091001-30006-0446-20080910 IndexFortiGate-60B FortiOS 3.0 MR6 Install Guide IndexPage FortiGate-60B FortiOS 3.0 MR6 Install Guide Index01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install Guide Index01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install Guide Index01-30006-0446-20080910 FortiGate-60B FortiOS 3.0 MR6 Install Guide Index01-30006-0446-20080910