Jan_Scholten
New Member
June 22, 2010
Question

Comparison Transparent/Route mode

  • June 22, 2010
  • 5 replies
  • 5965 views
I am looking for a comparison of transparent and route/NAT mode. What are the benefits of transparent mode, and what are the drawbacks?

Transparent:
+ easy to implement (no need to change IPs)
+ supports antivirus, IPS, ...
- VPN only to management IP
- no dynamic routing (obviously)

NAT/Route mode:
+ supports antivirus, IPS, ...
+ acts as gateway, possible to implement redundant routes/interfaces
+ VPN in interface and/or policy mode
+ dynamic and policy routing
- may need to change IPs, create new IP networks ...

Is there any other feature a transparent FG can't provide? What do you choose if you can?

    5 replies

    FortiRack_Eric
    New Member
    June 22, 2010
    In my opinion you should approach this in another way. Use NAT/Route mode unless you really need transparent mode. Cheers, Eric
    Jan_Scholten
    New Member
    June 22, 2010
    I need some arguments for a customer who has a transparent FG on whether or not to switch to NAT mode.
    claumakurumure
    New Member
    June 22, 2010
    In this case you need to compare the features of the current firewall and the Fortigate, because the reason why they have it in transparent mode may be that the current firewall does not support the following:
    - Web content filtering
    - IPS
    - Application Control
    - FSAE
    - etc.
    So you need to find info on the current firewall in front of the Fortigate. Thanks
    Jan_Scholten
    New Member
    June 22, 2010
    The current firewall is a Fortigate and I would like to switch that Fortigate to NAT/route mode, just because I "feel better" and I prefer NAT/route over transparent. So I just thought there may be some points I could use to support NAT/route.
    claumakurumure
    New Member
    June 22, 2010
    Hi there, you need to find more info here; there could be an ADSL router in front of the Fortigate or something. In transparent mode the Fortigate will not be able to separate the Trusted network (LAN) from the Untrusted (Internet) at all. Can you give us a sketch of the network diagram? Maybe there is something that I am missing here. Thank you
    Jan_Scholten
    New Member
    June 22, 2010
    The Fortigate is behind an SDSL and another 3rd-party firewall. This should not be changed. So the Fortigate is just sitting in the data stream behind the Checkpoint for doing A/V, IPS and so on. The Fortigate has a couple of transparent VDOMs for placing it in different networks: "in front of public server", "between clients and their gateway" ... It will probably never do VPN, but may do proxy for HTTP(S) somewhere in the future.
    emnoc
    New Member
    June 23, 2010
    Another drawback with transparent mode: you don't have the option to do SSL inspection or web proxy, which I guess falls under web content. Also VPN terminations, for the obvious reasons. What are you trying to do or gain? That would be my 1st question. I would not try to do a 1-for-1 match comparison, since each method is used differently to achieve a certain function or purpose.