Part 1: FortiGate Firewalls Modes

The FortiGate next-generation firewalls (NGFW) from Fortinet offer businesses the best defense against web-based network risks, such as intrusion techniques and known and unknown threats.

FortiGate firewalls extend and reinforce an enterprise's overall security efforts from the network edge to the core, whether they are deployed on-premises, on virtual hardware, or in the cloud.

Modes of FortiGate Firewalls

  • Transparent mode
  • NAT/Route mode

Transparent mode
In Transparent mode, the FortiGate is deployed between the internal network and the router. It does not change IP addresses in this mode and only performs security scanning on traffic.

Fig 1.1- FortiGate Firewalls in Transparent Mode

When a FortiGate is introduced to a network in Transparent mode, no network modifications are necessary except to assign a management IP address to the FortiGate. Transparent mode is typically used when increased network security is required but modifying the network's configuration is not feasible.

NAT/Route mode
In NAT/Route mode, a FortiGate unit is placed as a gateway or router between two networks. This enables the FortiGate to conceal the private network's IP addresses using network address translation (NAT).

Fig 1.2- FortiGate Firewalls in NAT/Route Mode

Note: Most configuration modifications performed in NAT/Route mode are erased when you switch to Transparent mode.

Back up your current NAT/Route mode setup using the System Information widget, which is located on the Dashboard.
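
The same backup-then-switch sequence from the FortiOS CLI, as an added example that is not part of the original article. It assumes a single-VDOM unit; the 192.0.2.x addresses, the TFTP server and the backup file name are constructed placeholders, and exact syntax can differ between FortiOS versions.

```fortios
# Added example, not from the original article.
# Constructed values: 192.0.2.x addresses, TFTP server, backup file name.

# 1. Save the current NAT/Route configuration off the unit before switching,
#    because most NAT/Route settings are erased by the mode change.
execute backup config tftp fgt-natroute-backup.conf 192.0.2.50

# 2. Switch to Transparent mode and assign the management IP address.
#    The management IP is the only address the unit needs in this mode;
#    the gateway is used for management traffic leaving the local subnet.
config system settings
    set opmode transparent
    set manageip 192.0.2.10/255.255.255.0
    set gateway 192.0.2.1
end

# 3. Confirm the operation mode once the change has been applied.
get system status
```

Run the commands from a console session where possible, since the interface addresses used for remote management are removed by the mode change.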
