Hello Dears,
We have a requirement to configure the firewall without changing the IP addresses on the existing infra.
We have a plan to configure the firewall in Transparent Mode.
1) The customer has a flat network. From the core switch, three links are connected to three different gateway routers with the same subnets.
2) We are going to place a firewall between the core switch (3 LAN ports) and the gateway routers (3 WAN ports), so that each link will connect to the firewall ports.
3) The core switch has different static routes pointing to the three different gateway routers.
4) In Transparent Mode, the corresponding policy needs to be created along with the management IP.
Will any other layer-two loops occur in this scenario?
Please share your experiences.
How is this connected today? How does the upstream router have two subnets with the same IP? Are VRFs being used?
I don't think this drawing is possible.
Hello,
This is the current setup.
And we are planning for the below.
Dear All,
Please share your experiences on the below topology with FortiGate Transparent Mode.
In Transparent Mode the firewall will act as a single broadcast domain.
The switch will do the routing and the gateway router will be routing/NATing.
Any Layer 2 issues with this scenario?
Hello,
The existing network is fine and surely will be working, albeit it does have some disadvantages (bandwidth consumption, security etc.).
And yes, a FGT in Transparent mode will fit here. This is _the_ example of why TP mode exists in the first place.
I don't foresee any L2 issues; the FGT will mostly behave like a hub. You should clarify if you can use multiple ports for the WAN side; if not, connect to a switch. I take it that the diagram is not necessarily the physical layout; the routers could just be connected to a common switch as well.
The FGT will do ARP by default, for its management IP address. The ports will not be numbered, i.e. will not have addresses.
Please do provide for UTM measures, like AV, IPS etc.
Yes, go ahead. One fine day, when time and money permit, you can re-structure the network to have the FGT as main router, with the same hardware and firmware, allowing for segmentation and other fancy stuff. For now, your plan looks OK to me.
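As an added illustration of the points in the reply above (management IP only, no addresses on the ports, a policy from the LAN port to the three WAN ports with UTM enabled), here is a FortiOS CLI sketch; it is not the poster's or Fortinet's configuration, and the interface names port1-port4, the management address 192.168.1.250/24 and the gateway 192.168.1.1 are assumptions.

```fortios
# Assumed layout: port1 = link to the core switch (LAN side),
# port2-port4 = links to the three gateway routers (WAN side).
# In transparent mode the VDOM has a single management IP; the
# ports themselves carry no IP addresses, so the existing subnet
# stays untouched.
config system settings
    set opmode transparent
    set manageip 192.168.1.250/24
    set gateway 192.168.1.1
end

# Allow the management address to be reached on the LAN-facing port.
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
end

# Outbound policy: core switch -> any of the three routers.
# A single policy with multiple destination interfaces avoids
# three near-identical policies; UTM profiles apply as recommended.
config firewall policy
    edit 1
        set name "LAN-to-Gateways"
        set srcintf "port1"
        set dstintf "port2" "port3" "port4"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set logtraffic all
    next
end
```

Replies to sessions opened from the LAN side are handled statefully; traffic initiated from the router side would need its own policy. Verify the effective bridge table afterwards with `diagnose netlink brctl name host root.b` to confirm which port each MAC was learned on.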
Thanks for your response.
We have a plan to connect all three gateway routers to the firewall WAN ports (three WAN and one LAN port, as per the diagram).
Copyright 2024 Fortinet, Inc. All Rights Reserved.