Installing a FortiGate in transparent mode

note icon Changing to transparent mode removes most configuration changes made in NAT mode. To keep your current NAT mode configuration, backup the configuration using the System Information widget, found in the Dashboard.
  1. Before connecting the FortiGate to your network, go to the Dashboard and locate enter the following command into the CLI Console:

    config system settings
    set opmode transparent
    set manageip <address and netmask>

    set gateway <address>

  2. Access the web-based manager by browsing to the new management IP.
  3. (Optional) The FortiGate’s DNS Settings are set to use FortiGuard DNS servers by default, which is sufficient for most networks. However, if you need to change the DNS servers, go to Network > DNS and add Primary and Secondary DNS servers. Select Apply.
  4. If your network uses IPv4 addresses, go to Policy & Objects > IPv4 Policy and select Create New to add a security policy that allows users on the private network to access the Internet.

    If your network uses IPv6 addresses, go to Policy & Objects > IPv6 Policy and select Create New to add a security policy that allows users on the private network to access the Internet. If the IPv6 menu option is not available, go to System > Feature Visibility, turn on IPv6, and select Apply. For more information on IPv6 networks, see the IPv6 Handbook.

    Set the Incoming Interface to the internal interface and the Outgoing Interface to the Internet-facing interface (typically WAN1). You will also need to set Source Address, Destination Address, Schedule, and Service according to your network requirements. You can set these fields to the default settings for now but should create the appropriate objects later after the policies have been verified.
  5. Make sure the Action is set to ACCEPT. Select OK.
note icon It is recommended to avoid using any security profiles, such as AntiVirus or web filtering, until after you have successfully installed the FortiGate. After the installation is verified, you can apply any required security profiles.

For more information about using security profiles, see the Security Profiles handbook.
  1. Go to the Dashboard and locate the System Resources widget. Select Shutdown to power off the FortiGate.
    Alternatively, you can also use the CLI command execute shutdown.
  2. Connect the FortiGate between the internal network and the router.
  3. Connect the Internet-facing interface to the router’s internal interface and connect the internal network to the FortiGate using an internal port (typically port 1).
  4. Power on the FortiGate. You will experience downtime before the FortiGate starts up completely.

Users on the internal network are now able to browse to the Internet. They should also be able to connect to the Internet using any other protocol or connection method that you defined in the security policy.

note icon If a FortiGate operating in transparent mode is installed between your internet network and a server that is providing a network service to the internal network, such as DNS or DHCP, you must add a wan1-to-internal policy to allow the server’s response to flow through the FortiGate and reach the internal network.