Part 2: Installing a FortiGate Firewall in Transparent mode

Fortinet's FortiGate next-generation firewalls (NGFW) offer businesses the best defense against web-based network risks, such as intrusion techniques and both known and unknown threats.

FortiGate firewalls extend and reinforce an enterprise's overall security efforts from the network edge to the core, whether they are deployed on-premises, on virtual hardware, or in the cloud.

Transparent mode
In Transparent mode, the FortiGate is deployed between the internal network and the router. It does not change IP addresses in this mode; it only performs security scanning on the traffic passing through it.

Fig 1.1- FortiGate Firewall in Transparent mode

When a FortiGate is introduced to a network in Transparent mode, no network modifications are necessary except to assign a management IP address to the FortiGate. Transparent mode is typically used when increased network security is required but modifying the network's configuration is unfeasible.

Installing FortiGate firewalls in Transparent mode

Step 1: Before connecting the FortiGate unit to your network, go to the Dashboard and enter the following commands in the CLI Console:

config system settings
    set opmode transparent
    set manageip <address and netmask>
    set gateway <address>
end

Step 2: Navigate to the new management IP to access the web-based manager.

Step 3: If your network uses IPv4 addresses, go to Policy & Objects > IPv4 Policy and select Create New to add a security policy that allows users on the private network to access the Internet.

Note: The Outgoing Interface should be set to the Internet-facing interface, and the Incoming Interface should be the internal interface (typically WAN1).

In accordance with your network needs, you must additionally set the Source Address, Destination Address, Schedule, and Service.

For the time being, you can leave these fields set to the all/ANY default values, but you should create the proper objects afterwards, once the policies have been validated.

Step 4: Make sure the Action is set to ACCEPT. Select OK.

Step 5: Locate the System Resources widget on the Dashboard. To shut down the FortiGate device, choose Shutdown.

Step 6: Connect the FortiGate unit between the internal network and the router.

Step 7: Link the router's internal interface to the Internet-facing interface, and then use an internal port to connect the internal network to the FortiGate.

Step 8: Start the FortiGate device. There will be downtime until the FortiGate device has fully started up.
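
The policy from Steps 3 and 4 in CLI form, first with the all/ALL defaults and then narrowed once traffic has been validated. This is an added example, not part of the original article; the interface names internal and wan1, the policy name, the object name internal-lan, the subnet 192.0.2.0/24 and the service list are assumptions to replace with your own values.

```fortios
# Policy as first created in Steps 3-4: all/ALL defaults, for initial validation only.
# srcintf = Incoming Interface, dstintf = Outgoing Interface.
# Interface names are assumptions and differ between FortiGate models.
config firewall policy
    edit 1
        set name "lan-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action accept
    next
end

# After validation: define the internal subnet as an address object.
# 192.0.2.0/24 is a constructed sample range.
config firewall address
    edit "internal-lan"
        set subnet 192.0.2.0 255.255.255.0
    next
end

# Narrow the same policy to that source and to the services actually needed,
# and log the traffic it accepts so the narrowed rule can be reviewed.
config firewall policy
    edit 1
        set srcaddr "internal-lan"
        set service "DNS" "HTTP" "HTTPS"
        set logtraffic all
    next
end
```

Because the unit is in Transparent mode, neither policy performs address translation; the rule only decides which bridged traffic is accepted and scanned.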
