Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Fortigate Transparent mode (Operating in transparent mode)

Hi Everyone,


I hope you are doing great,


Today I was doing a lab in FortiGate firewall in transparent mode, I have seen while configuring it in transparent mode - 

config system settings
set opmode transparent
set manageip
set gateway

After that, I saw that all the policies has been lost after changing the mode NAT to transparent mode.

however, I have gone through FortiGate docs the definition is the of transparent mode -

In Transparent mode, Fortigate Firewall is installed between the internal network and router. I will make you in the below screenshots, and one more thing In transparent mode even I can't configure the network for multiple interface/ IP addresses,  could you please make me understand why transparent mode deployed an internal network without subnets and why, please find the below snapshots what I have desinged.



Even the NAT option is not available here.


Waiting for your response. 


Thank you.




Here is the dedicated document on transparent mode:

Just to summarize it. Transparent mode does not do any changes to packets, like NAT, it is just forwarding them from one interface to other and inspecting traffic. As said, it is usually installed between 2 routers, where you don't want to change routing, you just want to transparently inspect traffic.


Hi @Umesh 


As mentioned by Adrian, transparent mode FortiGate behaves differently compared to NAT mode FortiGate. On Transparent mode FortiGate, the only IP address that you can configure would be a management IP. Most L3 features that are available in NAT mode FortiGate would not be available in Transparent mode. You may refer to the following document for feature comparison:

Kayzie Cheng

Hi Cheng,


In which situation do we deploy FortiGate as a transparent mode? 

I have gone though below defination - 

In transparent mode, the FortiGate is installed between the internal network and the router. In this mode, FortiGate does not make any changes to IP addresses and only applies security scanning to traffic. When a FortiGate is added to a network in transparent mode, no network changes are required, except to provide the FortiGate with a management IP address. transparent mode is used primarily when there is a need to increase network protection but changing the configuration of the network itself is impractical.


but couldn't understand clearly could please make me understand in layman's term?


Thank you


Hi @Umesh 


In layman term, transparent mode FortiGate is like a Layer 2 device. Hence, majority of the layer 3 features would not be available in transparent mode. In L3(NAT) deployment, the outside interface and internal interface IP subnet would need to be assigned with different subnet. However, in transparent mode, the upstream device (ISP Router/Switch and etc) would have the same IP range with the internal hosts. Hence, if you do not want to modify the IP subnet design on the network, that would be when you should use transparent mode FortiGate as it would require you to make no changes on the upstream and downstream devices.

Kayzie Cheng

To make it even more layman's terms:

You can think of a transparent FortiGate as a switch with firewall features.

It has a single (management) IP, should not be doing any routing, and is essentially invisible to network devices unless it is blocking something.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++