Hi team
This is a case for a question: we have a client who wants to implement a FortiGate 100F firewall behind his Cisco Catalyst82000 router...
So, I would like to know if in this case it would be better to use it in transparent mode, since what they specifically need to use are functions like Web Filter and Application Control and integrate it with your Active Directory.
At this point, can you consider using transparent mode for this? Or is NAT mode the best option? What could be the best practice?
The router should be in between the firewall and ISP for routing internet and VPN traffic. The firewall should filter traffic internally and on the internet. I personally like using a firewall for inter-VLAN routing as it’s much easier to control traffic as opposed to access-lists (standard and extended).
Thanks for answering me.
I think that in this case what the client wants is to generate the least impact; they want to maintain something like this: IPS->C8200->Firewall->LAN
Created on 10-17-2023 08:15 AM Edited on 10-17-2023 08:22 AM
Hi @wamendoza
It is a design point of view. However, I think you should keep NAT mode because it will be less operational work later when your company wants to change the topology, such as removing the Cisco device and using the FortiGate facing the ISP, for example.
Hi @wamendoza,
It depends on your network requirements. If NAT is not needed, you can use transparent mode. Please refer to the following links to see the differences between NAT and transparent mode:
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/617430/system
https://www.fortinet.com/resources/cyberglossary/transparent-firewall
Regards,
Hi @wamendoza,
This really depends on your network design. Please refer to this document for the comparison "https://docs.fortinet.com/document/fortigate/6.0.0/handbook/354989/nat-mode-and-transparent-mode"
Regards,
Minh