Fortigate Transparent mode (Operating in transparent mode)
I hope you are doing great.
Today I was doing a lab on a FortiGate firewall in transparent mode. While configuring it in transparent mode I used the following:
config system settings
    set opmode transparent
    set manageip 192.168.2.1 255.255.255.0
    set gateway 192.168.2.100
end
After that, I saw that all the policies had been lost after changing the mode from NAT to transparent mode.
However, I have gone through the FortiGate docs, and the definition of transparent mode is:
In transparent mode, the FortiGate firewall is installed between the internal network and the router. I will show you in the screenshots below. One more thing: in transparent mode I can't even configure the network for multiple interfaces/IP addresses. Could you please help me understand why transparent mode is deployed on an internal network without subnets, and why? Please find below the snapshots of what I have designed.
Just to summarize it: transparent mode does not make any changes to packets, like NAT; it just forwards them from one interface to the other and inspects the traffic. As said, it is usually installed between two routers, where you don't want to change routing; you just want to transparently inspect traffic.
As mentioned by Adrian, a transparent mode FortiGate behaves differently compared to a NAT mode FortiGate. On a transparent mode FortiGate, the only IP address that you can configure is the management IP. Most L3 features that are available on a NAT mode FortiGate are not available in transparent mode. You may refer to the following document for a feature comparison:
In which situation do we deploy FortiGate as a transparent mode?
I have gone through the definition below:
In transparent mode, the FortiGate is installed between the internal network and the router. In this mode, the FortiGate does not make any changes to IP addresses and only applies security scanning to traffic. When a FortiGate is added to a network in transparent mode, no network changes are required, except to provide the FortiGate with a management IP address. Transparent mode is used primarily when there is a need to increase network protection but changing the configuration of the network itself is impractical.
but I couldn't understand it clearly. Could you please explain it to me in layman's terms?
In layman's terms, a transparent mode FortiGate is like a Layer 2 device. Hence, the majority of the Layer 3 features are not available in transparent mode. In an L3 (NAT) deployment, the outside interface and the internal interface would need to be assigned different IP subnets. However, in transparent mode, the upstream device (ISP router/switch, etc.) is in the same IP range as the internal hosts. Hence, if you do not want to modify the IP subnet design of the network, that is when you should use a transparent mode FortiGate, as it requires no changes on the upstream and downstream devices.
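To make the subnet point concrete, here is an added side-by-side example (not from the original thread or from Fortinet documentation) of the same two-port deployment configured first in NAT mode and then in transparent mode. The addresses 203.0.113.0/24 and 192.168.2.0/24, the port names port1/port2, and the policy names are assumed values chosen for illustration; only the FortiOS CLI commands themselves are real.

```fortios
# --- NAT (L3) mode: each interface needs its own IP on a different subnet ---
config system interface
    edit "port1"
        set ip 203.0.113.2 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port2"
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping
    next
end
config firewall policy
    edit 1
        set name "LAN-to-WAN-NAT"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# --- Transparent (L2) mode: one management IP, no per-interface IPs, no NAT ---
# Hosts keep using the upstream router at 192.168.2.100 as their gateway;
# the FortiGate only bridges port2 to port1 and inspects the traffic.
config system settings
    set opmode transparent
    set manageip 192.168.2.1 255.255.255.0
    set gateway 192.168.2.100
end
config firewall policy
    edit 1
        set name "LAN-to-WAN-inspect"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ips-sensor "default"
    next
end
```

In the NAT mode half, port1 and port2 sit on two different subnets and the policy rewrites the source address (`set nat enable`); in the transparent mode half, the only address the firewall owns is `manageip`, the `set nat` option does not exist, and the upstream router and the internal hosts stay in the same 192.168.2.0/24 range exactly as the answer above describes. Because switching `opmode` discards the existing policy set, as the original post observed, back up the running configuration before changing modes and re-apply the policies afterwards.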