Skip to main content
ss85
ss85
New Member
October 30, 2020
Question

Failure to change opmode from NAT mode to Transparent mode

  • October 30, 2020
  • 2 replies
  • 16017 views

Hi All, 

 

First of all, I'm new to Fortigate. Next is my issue.

I wanted to set my opmode from NAT to transparent. However, i receive command fail message from the CLI. I have no idea what this message means. Did i missed out any steps before i can change the mode? What are the causes or factors which cause the failure. Need advices from any gurus.

 

Below is my CLI command for your reference. 

 

FIREWALL-1 # config vdom FIREWALL-1 (vdom) # edit root current vf=root:0

FIREWALL-1 (root) # config system settings FIREWALL-1 (settings) # FIREWALL-1 (settings) # FIREWALL-1 (settings) # set opmode transparent FIREWALL-1 (settings) # end node_check_object fail! for opmode transparent Attribute 'opmode' value 'transparent' checking fail -651 Command fail. Return code -651

 

By the way, im using Fortinet FG_101E with FortiOS v6.2.3. Hope this helps and awaiting for prompt reply.

Thank you very much.

2 replies

Fullmoon
Fullmoon
New Member
October 30, 2020

seems you forgot to define management ip and gateway as what stated in this link.

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/463938

 

boneyard
boneyard
Valued Contributor
October 31, 2020

you do not already have a full configuration on this device?

ss85
ss85Author
New Member
November 2, 2020

To Fullmoon, I have already created a management ip and gateway using GUI, in VDOM.

To boneyard, sorry but what do you mean by full configuration?

 

Some background info. My network will not be connected to any internet. I have created an IP for management, an IP for the vdom link and also an IP for the software switch ports, which is connected to other devices and I am able to ping them. Now what I wanted to do is to use the DMZ port to connect to a router port. However, I am unable to create the IP due to an error stating I'm using the same subnet as my management IP. I tried to create a new DMZ interface, but I'm unable to select any ports/interface in GUI as it wasn't shown in the dropdown box. I was thinking if the mode is changed from NAT to Transparent, I might be able to create the ip in default DMZ port.

 

Need advices if possible.

FlorianFlux
FlorianFlux
New Member
November 10, 2020

Hi,

you MUST set the manageIP parametre :

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/463938

config system settings

set opmode transparent

set manageip 192.168.200.111 255.255.255.0

set gateway 192.168.200.99

end But i do not know why this is needed and when it will be necessary, i just put random IP and that does the job.

 

hope this helps

Terms & ConditionsAccessibility statement