Support Forum
GenX
New Contributor

Fortigate acting in Transparent mode but with Layer 3 capabilities

Hi everyone. I've received a Fortigate 60F for my company. My current setup is: ISP - Core Router - Switch - PCs

I want to use the Fortigate between the Core Router and the Switch: Core Router - Fortigate - Switch - PCs

The unit will be used for: Antivirus, Antispam, Web Filter, SSL inspection. It will not be used for Routing, NAT, DHCP, VPN.

At the beginning I was thinking of using it in Transparent Mode, but this mode will disable many features that I need, and the fact that I will not be able to use IP allow/deny policies but only port policies is not what I want. Then I read about the "Virtual Wire Pair", which as I understood acts like Transparent mode but has more options; will this mode allow me to filter IPs too, not only ports? Or maybe in the default NAT mode I can achieve what I want by just configuring it properly? I will need some support configuring the Fortigate for my needs as I'm not familiar with FortiOS. Thank you in advance.


[attachment: forti.jpg]

2 REPLIES
AEK
SuperUser

Hi GenX

You use transparent mode or virtual wire pair in case you don't want to change the L3 configuration; it means the FortiGate will be like an L2 device.

But where did you find that you will not be able to do IP filtering? I used them before, and as far as I remember in both cases you can do IP filtering.

AEK
GenX
New Contributor

AEK, thank you for your message, but I think you got it wrong. Activating Transparent mode will change it from Layer 3 to Layer 2.


"In the Fortigate transparent mode all interfaces of the Fortigate are on the same network and the appliance does not do routing or NAT; it just acts as an L2 firewall."
"Activating the transparent mode on a firewall takes it from a Layer 3 routing mode into a Layer 2 bridging device."


And in Transparent mode you cannot create IP rules/policies, only port rules. Anybody, please prove me wrong if my statement is incorrect. From different sources I've watched, you cannot because NAT is disabled in transparent mode.


"Transparent mode operates at Layer 2 of the OSI model, which means it doesn't have access to Layer 3 information like IP addresses or routing tables. Consequently, features like NAT, VPN, and certain security features like IP reputation filtering may not be available or fully functional in transparent mode."
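Since the thread leaves open whether IP-based policies work on a virtual wire pair, here is an added FortiOS CLI example (not from either poster) that bridges two ports into a pair and applies a source-IP deny plus a source-subnet allow carrying AV, web filter, antispam and SSL inspection on that pair. The interface names, the subnet and host addresses, and the profile names are assumptions; the profiles named are the defaults shipped with recent FortiOS releases, and the rest of the unit stays in NAT/route mode.

```fortios
# Added example, not from the thread: assumed FortiGate 60F in its default NAT/route
# mode, "internal1" facing the core router and "internal2" facing the switch.
# The pair bridges frames at L2, so no routing, NAT or DHCP is configured on it.
config system virtual-wire-pair
    edit "router-to-switch"
        set member "internal1" "internal2"
        set wildcard-vlan enable   # pass any VLAN tags on the trunk through unchanged
    next
end
# Ordinary L3 address objects; they are valid in policies on the pair.
config firewall address
    edit "lan-pcs"
        set subnet 192.168.10.0 255.255.255.0       # constructed example subnet
    next
    edit "blocked-host"
        set subnet 192.168.10.50 255.255.255.255    # constructed example host
    next
end
config firewall policy
    # Deny one IP; policies are evaluated top-down so this must precede the allow.
    edit 1
        set name "deny-blocked-host"
        set srcintf "internal2"
        set dstintf "internal1"
        set srcaddr "blocked-host"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Allow the PC subnet out with AV, web filter, antispam and SSL inspection.
    edit 2
        set name "lan-pcs-out"
        set srcintf "internal2"
        set dstintf "internal1"
        set srcaddr "lan-pcs"            # matches on source IP, not only on port
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy        # needed for the antispam (emailfilter) profile
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set emailfilter-profile "default"
    next
end
```

Deep SSL inspection requires the FortiGate's CA certificate to be trusted on the PCs, otherwise browsers will show certificate warnings; "certificate-inspection" is the lighter alternative if that rollout is not possible.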
