Using Port Pairing to Simplify Transparent Mode
Once you have successfully installed a FortiGate in Transparent mode, you can use port pairing to simplify the configuration.
When you create a port pair, all traffic accepted by one of the paired interfaces can only exit out the other interface. Restricting traffic in this way simplifies your FortiGate configuration because security policies between these interfaces are pre-configured.
Traffic between port-paired interfaces does not check the bridge table and MAC addresses are not learned. Instead traffic received by one interface in a port pair is forwarded out the other (if allowed by a firewall policy). This makes port pairing useful for unusual topologies where MAC addresses do not behave normally. For example, port paring can be used in a Direct Server Return (DSR) topology where the response MAC address pair may not match the request’s MAC address pair.
- Go to System > Network > Interfaces. Select Create New > Port Pair. Create a port pair that includes both interfaces.
- Go to Policy & Objects > Policy > IPv4. Create two security policy that allow traffic to flow between the interfaces in the port pair (for example, if you are pairing wan1 and Internal, create a wan1-to-Internal policy and an Internal-to-wan1 policy).
Traffic should now be able to flow between the interfaces in the port pair. You can verify this by going to Log & Report > Traffic Log > Forward Traffic.