
Fortigate policy questions

Dear All, 


I'm new to FortiGate firewalls, and I have a simple question regarding the FortiGate 100F firewall. The firewall is now behind an internet gateway. I want to use the FortiGate as an internal firewall, with the WAN port connected to the DMZ switch ( and the LAN port connected to the core switch (, so that I can create policies from WAN to LAN and LAN to WAN with security profiles. Does this design look correct to you? If it looks correct, can I, for example, create a LAN switch (named external) and add interface port 1 connected to the DMZ switch, and create another LAN switch (named internal) and add interface port 10 connected to the core switch, and create policies from external to internal and internal to external? Or must I use the WAN port instead? And if the FortiGate is in transparent mode, can it not achieve the above? Any help would be appreciated.




Hi @keithli 

  • It is not mandatory to use the WAN port for the WAN connection; you can use port1 as well.
  • Why do you want to create switch interfaces to connect to your internal and external switches? This is not mandatory in your case and is only needed for some specific configurations.
  • I think NAT mode is better than transparent mode (if you have a choice) since it offers more features. Transparent mode is especially useful in some cases when you don't want to or can't insert an L3 routing device in your network.
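
The layout discussed above as FortiOS CLI, as an added example that is not part of the original posts: two policies between port1 (DMZ side) and port10 (core side) in NAT mode, with no switch interfaces, each carrying security profiles. The address object, its subnet, the policy names and the choice of profiles are constructed assumptions, and port1 and port10 are assumed to be standalone interfaces that are not members of any switch interface.

```text
# Added example; object names, subnet and profile choices are constructed.
# Assumes NAT (route) mode with port1 and port10 as standalone L3 interfaces.
config firewall address
    edit "core-servers"
        set subnet 10.10.10.0 255.255.255.0
    next
end
config firewall policy
    # Core network towards the DMZ / internet gateway side
    edit 0
        set name "internal-to-external"
        set srcintf "port10"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssl-profile "certificate-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set logtraffic all
    next
    # DMZ side towards the core: limited to one destination and one service
    edit 0
        set name "external-to-internal"
        set srcintf "port1"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "core-servers"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssl-profile "certificate-inspection"
        set ips-sensor "default"
        set logtraffic all
    next
end
```

Traffic that matches neither policy falls to the implicit deny, so the inbound direction stays closed except for what the second policy names.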
