Nat/route mode, Transparent mode – Fortinet FortiGate 5001A-SW User Manual

FortiGate-5001A Security System Guide

26

01-30000-83456-20081023

Planning the configuration

Quick Configuration Guide

NAT/Route mode

In NAT/Route mode, the FortiGate-5001A security system is visible to the
networks that it is connected to. Each interface connected to a network must be
configured with an IP address that is valid for that network. In many
configurations, in NAT/Route mode all of the FortiGate interfaces are on different
networks, and each network is on a separate subnet.

You would typically use NAT/Route mode when the FortiGate-5001A security
system is deployed as a gateway between private and public networks. In the
default NAT/Route mode configuration, the FortiGate-5001A security system
functions as a firewall. Firewall policies control communications through the
FortiGate-5001A security system. No traffic can pass through the
FortiGate-5001A security system until you add firewall policies.

In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode.
In NAT mode, the FortiGate firewall performs network address translation before
IP packets are sent to the destination network. In Route mode, no translation
takes place.

Figure 11: Example FortiGate-5001A board operating in NAT/Route mode

Transparent mode

In Transparent mode, the FortiGate-5001A security system is invisible to the
network. All of the FortiGate-5001A interfaces are connected to different
segments of the same network. In Transparent mode you only have to configure a
management IP address so that you can connect to the FortiGate-5001A security
system to make configuration changes and so the FortiGate-5001A security
system can connect to external services such as the FortiGuard Distribution
Network (FDN).

FortiGate-5001A board
in NAT/Route mode

port1

192.168.1.99

NAT mode policies

controlling traffic between

internal and external

networks.

port2

204.23.1.2

Internet

Internal Network