FortiGate-5001A Security System Guide
26
01-30000-83456-20081023
Planning the configuration
Quick Configuration Guide
NAT/Route mode
In NAT/Route mode, the FortiGate-5001A security system is visible to the
networks that it is connected to. Each interface connected to a network must be
configured with an IP address that is valid for that network. In many
configurations, in NAT/Route mode all of the FortiGate interfaces are on different
networks, and each network is on a separate subnet.
You would typically use NAT/Route mode when the FortiGate-5001A security
system is deployed as a gateway between private and public networks. In the
default NAT/Route mode configuration, the FortiGate-5001A security system
functions as a firewall. Firewall policies control communications through the
FortiGate-5001A security system. No traffic can pass through the
FortiGate-5001A security system until you add firewall policies.
In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode.
In NAT mode, the FortiGate firewall performs network address translation before
IP packets are sent to the destination network. In Route mode, no translation
takes place.
Figure 11: Example FortiGate-5001A board operating in NAT/Route mode
Transparent mode
In Transparent mode, the FortiGate-5001A security system is invisible to the
network. All of the FortiGate-5001A interfaces are connected to different
segments of the same network. In Transparent mode you only have to configure a
management IP address so that you can connect to the FortiGate-5001A security
system to make configuration changes and so the FortiGate-5001A security
system can connect to external services such as the FortiGuard Distribution
Network (FDN).
FortiGate-5001A board
in NAT/Route mode
port1
192.168.1.99
NAT mode policies
controlling traffic between
internal and external
networks.
port2
204.23.1.2
Internet
Internal Network