
Transparent or NAT/Route?

What is the major difference between transparent and NAT/Route mode? Why should I choose one instead of the other? In which cases is it better to use NAT/Route, and in which cases transparent?

Ok, I'm cutting and pasting from the FG Documentation.

NAT/Route mode

In NAT/Route mode, the unit is visible to the network. Like a router, all of its interfaces are on different subnets. The following interfaces are available in NAT/Route mode:
  • External is the interface to the external network (usually the Internet).
  • Internal is the interface to the internal network.
  • DMZ/HA is the interface to the DMZ network. DMZ/HA can also be connected to other FortiGate-300s if you are installing an HA cluster.

You can add security policies to control whether communications through the FortiGate unit operate in NAT mode or in route mode. Security policies control the flow of traffic based on each packet’s source address, destination address and service. In NAT mode, the FortiGate performs network address translation before the packet is sent to the destination network. In route mode, no translation takes place. By default, the FortiGate unit has a NAT mode security policy that allows users on the internal network to securely download content from the external network. No other traffic is possible until you have configured more security policies.

You would typically use NAT/Route mode when the FortiGate unit is used as a gateway between private and public networks. In this configuration, you would create NAT mode policies to control traffic flowing between the internal, private network and the external, public network (usually the Internet). If you have multiple internal networks, such as a DMZ network in addition to the internal, private network, you could create route mode policies for traffic flowing between them.

And again from the Documentation...

Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. Similar to a network bridge, all of the FortiGate interfaces must be on the same subnet. You only have to configure a management IP address so that you can make configuration changes. The management IP address is also used for antivirus and attack definition updates. You would typically use the FortiGate unit in Transparent mode on a private network behind an existing firewall or behind a router. The FortiGate unit performs firewalling as well as antivirus and content scanning but not VPN.

You can find all this documentation and much more by logging into the support site at http://support.fortinet.com and then clicking on the Technical Documentation link.

In Transparent mode, there's only a Management IP address, not Int, Ext, DMZ,... So in some cases, you must assign the External Interface and Internal int with the same IP and it will be your FGT's management IP. Maybe your system doesn't work without this configuration! JBult! You really are an FGT expert. Hope to get more and more experience from idol! Have fun!

JBult! You really are an FGT expert. Hope to get more and more experience from idol!
Thanks ccsp. I'm certainly no "expert" or anyone's "idol". If you keep trying to answer questions the way you are, you'll get plenty of experience.