Installing a FortiGate in Transparent mode
|Changing to Transparent mode removes most configuration changes made in NAT/Route mode. To keep your current NAT/Route mode configuration, back up the configuration using the System Information widget, found at System > Dashboard > Status.|
- Before connecting the FortiGate unit to your network, go to System > Dashboard > Status and locate the System Information widget. Beside Operation Mode, select Change.
- Set the Operation Mode to Transparent. Set the Management IP/Netmask and Default Gateway to connect the FortiGate unit to the internal network. Select OK.
- Access the web-based manager by browsing to the new management IP.
- (Optional) The FortiGate unit’s DNS Settings are set to use FortiGuard DNS servers by default, which is sufficient for most networks. However, if you need to change the DNS servers, go to System > Network > DNS and add Primary and Secondary DNS servers. Select Apply.
- If your network uses IPv4 addresses, go to Policy & Objects > Policy > IPv4 and select Create New to add a security policy that allows users on the private network to access the Internet.
If your network uses IPv6 addresses, go to Policy & Objects > Policy > IPv6 and select Create New to add a security policy that allows users on the private network to access the Internet. If the IPv6 menu option is not available, go to System > Config > Features, turn on IPv6, and select Apply. For more information on IPv6 networks, see the IPv6 Handbook.
Set the Incoming Interface to the internal interface and the Outgoing Interface to the Internet-facing interface (typically WAN1). You will also need to set Source Address, Destination Address, Schedule, and Service according to your network requirements. You can set these fields to the default all/ANY settings for now but should create the appropriate objects later after the policies have been verified.
- Make sure the Action is set to ACCEPT. Select OK.
|It is recommended to avoid using any security profiles, such as AntiVirus or web filtering, until after you have successfully installed the FortiGate unit. After the installation is verified, you can apply any required security profiles.
For more information about using security profiles, see the Security Profiles handbook.|
- Go to System > Dashboard > Status and locate the System Resources widget. Select Shutdown to power off the FortiGate unit.
Alternatively, you can also use the CLI command
- Connect the FortiGate unit between the internal network and the router.
- Connect the Internet-facing interface to the router’s internal interface and connect the internal network to the FortiGate using an internal port (typically port 1).
- Power on the FortiGate unit. You will experience downtime before the FortiGate unit starts up completely.
Users on the internal network are now able to browse to the Internet. They should also be able to connect to the Internet using any other protocol or connection method that you defined in the security policy.
|If a FortiGate unit operating in Transparent mode is installed between your internal network and a server that is providing a network service to the internal network, such as DNS or DHCP, you must add a wan1-to-internal policy to allow the server’s response to flow through the FortiGate unit and reach the internal network.|
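The policy step above allows the default all/ANY settings until the installation is verified. The following is an added example (not part of the original page and not Fortinet code) that reads a configuration backup and lists the ACCEPT policies whose source, destination or service is still a wildcard. The sample backup text, the address name lan-users and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the layout of a FortiOS configuration backup.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 2
        set srcaddr "lan-users"
        set dstaddr "all"
        set action accept
        set service "HTTP" "HTTPS" "DNS"
    next
end
"""
# Values that match everything; "ANY" is listed because the page names it.
WILDCARDS = {"srcaddr": {"all"}, "dstaddr": {"all"}, "service": {"ALL", "ANY"}}

def parse_policies(text, section="config firewall policy"):
    """Return {policy_id: {field: [values]}} for one section of a backup."""
    policies, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        try:
            words = shlex.split(line) or [""]
        except ValueError:  # unbalanced quote (multi-line value): skip the line
            continue
        if depth == 0:  # outside the section: only look for its header
            depth = int(line == section)
        elif words[0] == "config":  # nested block inside a policy entry
            depth += 1
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif depth == 1 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return policies

def audit(text, section="config firewall policy"):
    """Map each ACCEPT policy id to the fields still left at a wildcard."""
    found = {pid: [k for k, w in WILDCARDS.items() if w & set(f.get(k, []))]
             for pid, f in parse_policies(text, section).items()
             if f.get("action") == ["accept"]}
    return {pid: wide for pid, wide in found.items() if wide}
```

Call audit() on the text of a backup taken after the policies have been verified; a policy listed with all three fields is still in its installation-time state.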