Security scanning occurs in the same manner in NAT mode and Transparent mode. When a protection profile is enabled on a firewall policy for content inspection, the FortiGate acts like a transparent proxy for the protocols that need to be inspected.
The FortiGate therefore intercepts the TCP sessions and creates its own session from client to server and from server to client. The source and destination MAC addresses of the original L2 frames are, however, not altered in this communication, as described in the section "Network operation: source MAC addresses in frames sent by or through the FortiGate".
Devices in the network communicating through the FortiGate are not aware of the presence of the FortiGate.
For more information about security scanning, see the Security Profiles handbook.