Differences between NAT/Route and Transparent mode
The differences between NAT/Route mode and Transparent mode include:
Table 110: Differences between NAT/Route and Transparent modes
Features | NAT/Route mode | Transparent mode |
Specific Management IP address required | No | Yes |
Perform Network Address Translation (NAT) | Yes | Yes |
Stateful packet inspection | Yes | Yes |
Layer-2 forwarding | Yes | Yes |
Layer-3 routing | Yes | No |
Unicast Routing / Policy Based routing | Yes | No |
DHCP server | Yes | No |
IPsec VPN | Yes | Yes |
PPTP/L2TP VPN | Yes | No |
SSL VPN | Yes | No |
Security features | Yes | Yes |
VLAN support | Yes | Yes - limited to VLAN trunks. |
Ping servers (dead gateway detection) | Yes | No |
To provide administrative access to a FortiGate unit or VDOM in Transparent mode, you must define a management IP address and a gateway. This step is not required in NAT/Route mode where you can access the FortiGate unit through the assigned IP address of any interface where administrative access is permitted.
If you incorrectly set the Transparent mode management IP address for your FortiGate unit, you will be unable to access your unit through the web-based manager. In this situation, you will need to connect to the FortiGate unit using the console cable and change the settings so you can access the unit. Alternately, if your unit has an LCD panel, you can change the operation mode and interface information through the LCD panel.