Getting started Planning the FortiGate configuration
FortiGate-4000 Installation and Configuration Guide 55
You typically use a FortiGate-4000 unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate-4000 unit performs
firewall functions as well as antivirus and content scanning but not VPN.
The following interfaces are available in Transparent mode:
• External: the interface to the external network (usually the Internet).
• Internal: the interface to the internal network.
Figure 18: Example Transparent mode standalone network configuration
FortiGate-4000 HA configuration
Using HA, you can group two or more FortiGate-4000 units into an HA cluster. The HA
cluster can operate in active-active mode or active-passive mode.
An active-active HA cluster can increase virus scanning throughput by using load
balancing to distribute virus scanning to all of the FortiGate units in the cluster.
An active-passive HA cluster provides failover so that if a functioning FortiGate-4000
unit fails, processing is transferred to another FortiGate-4000 unit in the cluster
without interrupting network service.
Once the FortiGate-4000 units are added to the HA cluster, the cluster functions on
your network as a single FortiGate-4000 unit with one internal interface, one external
interface, and one out of band management IP address. The cluster manages
communication and load balancing between the FortiGate-4000 units in the cluster.
Because you can install up to 10 FortiGate-4000 units in a single FortiGate-4000
chassis, you can configure multiple HA clusters. Each FortiGate-4000 unit can only
belong to one cluster.
You can operate an HA cluster in NAT/Route or Transparent mode. A single
FortiGate-4000 chassis can contain clusters operating in NAT/Route mode and
clusters operating in Transparent mode. For more information on HA, see “High
availability” on page 81.
[Figure 18 diagram labels: Internal network, 192.168.1.3; 204.23.1.5; Internet; FortiGate-4000 unit in Transparent mode; Internal, 192.168.1.2; Management IP, 192.168.1.1; External; gateway to public network (firewall, router). Transparent mode policies control traffic between internal and external networks.]