16 Fortinet Inc.
Transparent mode Introduction
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets
received by the FortiGate unit are intelligently forwarded or blocked according to
firewall policies. The FortiGate unit can be inserted in your network at any point
without the need to make changes to your network or any of its components.
However, VPN and some advanced firewall features are only available in NAT/Route
mode.
Network intrusion detection
The FortiGate Network Intrusion Detection System (NIDS) is a real-time network
intrusion detection sensor that detects and prevents a wide variety of suspicious
network activity. NIDS detection uses attack signatures to identify over 1000 attacks.
You can enable and disable the attacks that the NIDS detects. You can also write your
own user-defined detection attack signatures.
NIDS prevention detects and prevents many common denial of service and packet-
based attacks. You can enable and disable prevention attack signatures and
customize attack signature thresholds and other parameters.
To notify system administrators of the attack, the NIDS records the attack and any
suspicious traffic to the attack log and can be configured to send alert emails.
Fortinet updates NIDS attack definitions periodically. You can download and install
updated attack definitions manually, or you can configure the FortiGate to
automatically check for and download attack definition updates.
VPN
Using FortiGate virtual private networking (VPN), you can provide a secure
connection between widely separated office networks or securely link telecommuters
or travellers to an office network.
FortiGate VPN features include the following:
• Industry standard and ICSA-certified IPSec VPN including:
• IPSec, ESP security in tunnel mode,
• DES, 3DES (triple-DES), and AES hardware accelerated encryption,
• HMAC MD5 and HMAC SHA1 authentication and data integrity,
• AutoIKE key based on pre-shared key tunnels,
• IPSec VPN using local or CA certificates,
• Manual Keys tunnels,
• Diffie-Hellman groups 1, 2, and 5,
• Aggressive and Main Mode,
• Replay Detection,
• Perfect Forward Secrecy,
• XAuth authentication,
• Dead peer detection.